Linux Users of Victoria, Inc.

If you work in IT you probably have people ask you random questions out of nowhere from time to time. I was recently asked about how to bypass Apple iCloud device locking.



First of all, my opinion of this. I just try to avoid this space (from any perspective). If it sounds too good/cheap to be true it probably is, yadayada...



There does seem to be some tools online to enable checking prior to purchase but obviously even that isn't full proof. For example, if the seller knows that the goods have been locked but never connects to Apple servers then it is impossible/unlikely that the device in question will be locked prior to be the sale. They could feign ignorance also when confronted, law enforcement and the legal system may offer no avenue for recourse, etc...

https://support.apple.com/en-au/HT201581

http://apple.stackexchange.com/questions/62448/find-original-sales-information-of-macbook-by-serial-number

https://www.powermax.com/stolen/index

http://notebooks.com/2011/05/10/how-to-avoid-buying-a-stolen-mac-apple-store-robbed-of-24-macbooks-in-30-seconds-video/

http://www.reddit.com/r/apple/comments/1lfko4/macbook_pro_got_stolen_how_can_i_access_the/

Safe to give out the serial number of a Mac I'm selling?

http://arstechnica.com/civis/viewtopic.php?f=19&t=93200

https://www.icloud.com/activationlock/

http://apple.stackexchange.com/questions/132478/macbook-pro-locked-with-find-my-mac-and-wont-let-me-boot

http://www.cnet.com/au/news/apples-icloud-lock-for-macs-is-not-very-secure/

iPhone 6 Plus Are "Stolen Goods" from Futu_Online eBay Promotion

https://www.ozbargain.com.au/node/205809

http://www.amta.org.au/pages/amta/Check.the.Status.of.your.Handset



If you've been watching this space for a while you'll know that about the Doucli bypass. This seems to work based on MITM (Man in the Middle Attack) principles (I haven't taken too close a look at this).

http://maypalo.com/2014/05/24/doulci-alternative-method-gadgetwide/

http://howtosifiwiki.com/bypass-icloud-account/

http://apple.stackexchange.com/questions/167978/factory-reset-an-ipad-without-knowing-the-icloud-password



For those who don't know what this is is that any communications that go from Apple to your device now go through a third party (Doucli). Doucli filters out any traffic which relates to iCloud locking or simply inserts a different set of communications which can then unlock the device. For anyone who knows how this is done this can be extremely tedious and difficult especially if the defender has taken extensive counter-measures against attack.



If you are interested in possible avenues of attacking it here goes:

- preventing it from locking your device should be simple enough. Don't connect it to the Internet and allow it to hook up with Apple servers. Earlier versions of the Doucli hack depend on DNS host file hacking. Later version of Apple software seems to block this behaviour though. Easiest way around this is to setup a layered defense/attack with DNS re-directs occuring at multiple points between you and Apple whether it may be via software (relevant configuration files, virtual machines, containers, etc...) and/or hardware (networking hardware, servers, etc...)

- the network/server setup of Apple systems is such that the authentication servers may not be isolated from the store purchases making things slightly more difficult (there are plenty of programs out there to do this). If you must use a second/intermediary system to which downloads music/software and use this to transfer to another system which is never connected online. This allows you to have the benefits of the purchasing online while not having to deal with iCloud authentication issues. Your device can not be locked without relevant identifying information being transferred between yourself and Apple (obviously, if this becomes a widespread means of bypassing iCloud then they'll be counter-measures which are deployed, etc...)

- the game keeps on changing. As cracks in the protocol/system are identified attackers and Apple have to continually change the game. If you really want to understand it, you're best trying to understand live packet manipulation and reverse engineering/cracking or DRM systems

- I've looked at this and for me the easiest way to attack is via direct hardware if your device is locked. It requires no advance knowledge of the software/protocol and is reliant entirely on the way in which data is stored on the device itself (obviously, this only makes the problem slightly easier to deal with). It's similar to the way in which firmware reset mode works on embedded devices such as eBooks and to the way in which bypass is achieved in physical security systems. The only troubling thing may access. They're BGA! Realistically this could mean that this type of attack is neigh on impossible (I think it may be possible though. When I have dead hardware lying around I often play around with it. A single copper fibre and the right type of signal/voltage may be enough to create the type of data corruption that I require). Effectively, the type of attack that I envisage revolves around storage corruption. Since, everything is stored via a combination of encrypted keys at multiple layers my belief is that destroying/corrupting the storage and restoring iOS clean and bypassing Apple servers is easier than engaging in a continual race against Apple (making the assumption that restoration of iOS can be completed independently of iCloud lock checking)

http://dtbnguyen.blogspot.com/2012/07/if-only-reading-were-easier.htmlhttp://dtbnguyen.blogspot.com/2012/08/funky-firmware.html

http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf

https://www.ifixit.com/Answers/View/192220/Is+it+possible+to+transfer+NAND+Flash+from+iPhone+to+another

http://www.datarecovery.net/newsletters/what-kills-flash-drive.html

Toshiba THGBX2G7B2JLA01 16 GB NAND Flash

SK Hynix H2JTDG8UD1BMR 16 GB NAND Flash

- clearly, I'm working on the premise that attacking hardware is easier than attacking software since it is more difficult to change. To change the pin-out structure on a single chip requires re-tooling on a mass scale for chips that may also be used in other devices making it un-economical for both Apple and flash chip manufacturers to engage in. Once a design is out there, we can just figure it out and it should work across that entire design specification/model though... Of course, this could be somewhat of a moot point because a lot of Apple devices aren't easily upgradeable, change layout on each iteration, etc...

- another type of attack revolves around changing identifying information on the device and then clearing iOS. That said, you don't know whether or not Apple may have some sort of unique/class based identification system which may block non-Apple identified systems from accessing their servers. Either way, it requires a second system to act as an intermediary

- insider at Apple who removes gives you a 'clean sheet'

- that said, much of what I'm saying here is theoretical. I don't have access to an iPod/iPad at the moment so I don't know The best I've been able to manage are online teardowns

http://www.techhive.com/article/116572/article.html

http://superuser.com/questions/616033/are-unpowered-ssds-vulnerable-to-an-emp-shock

http://www.survivalistboards.com/showthread.php?t=72855

http://electronics.stackexchange.com/questions/36921/does-magnetism-affect-sd-cards

https://en.wikipedia.org/wiki/Flash_memory



Cracking Open: Apple iPad Air 2

https://www.youtube.com/watch?v=-tZlpBz8WF4

https://www.ifixit.com/Teardown/iPad+Mini+Wi-Fi+Teardown/11423

https://www.ifixit.com/Teardown/iPad+Mini+2+Teardown/19374

https://www.ifixit.com/Teardown/iPad+Mini+3+Wi-Fi+Teardown/30628

https://www.ifixit.com/Teardown/iPad+Wi-Fi+Teardown/2183

https://www.ifixit.com/Teardown/iPad+3+4G+Teardown/8277

https://www.ifixit.com/Teardown/iPad+Air+LTE+Teardown/18907

https://www.ifixit.com/Teardown/iPad+Air+2+Teardown/30592

- just don't get why some groups simply don't release downloadable software which can be used to bypass. A local/loopback proxy would likely have minimal system impact if the protocol break feels as simple as it could possibly be. My guess is that at least some hacker/cracker groups are using the (supposedly) free and altruistic bypasses as a means of gaining access to people's private details. All the more reason to avoid these third party hacks and buy equipment 'clean'...

- if you're used to researching DRM and disassembly/reverse engineering of files some of the above may seem foreign to you. Believe me, it's not that much of a leap up. Conceptually, many of the same techniques and theories are employed. You just have to get used to a new setting. That's all...



Identify your iPod model

https://support.apple.com/en-au/HT204217



Diagnostic mode for Apple iPod devices

https://discussions.apple.com/thread/3110831

http://www.methodshop.com/gadgets/ipodsupport/diagnosticmode/index.shtml



Sources/options for replacement storage on iPod Classics

http://www.ebay.com/bhp/ipod-classic-120gb-hard-drive

http://rockbox.cool.haxx.narkive.com/ibajtp9V/mk1214gah-or-spinpoint-n2

http://blog.macsales.com/28857-give-your-ipod-classic-new-life-with-owc-iflash

http://eshop.macsales.com/item/OWC/TARIPODFLSH/

http://apple.stackexchange.com/questions/89367/were-the-2009-mbps-affected-by-the-nvidia-problem

http://forums.whirlpool.net.au/archive/1123805



Source for replacement of Apple parts locally

https://www.macfixit.com.au/apple-ipad-iphone-ipod-accessories/ipad-iphone-ipod-repair-replacement-parts/ipod-parts.htmlhttp://fixspot.com.au/apple-iphone-ipad-ipod-samsung-galaxy-repair-price-melbourne-cbd-city/Enabling alternative filesystem support on Mac OS X Yosemite

http://www.cnet.com/au/news/how-to-manually-enable-ntfs-read-and-write-in-os-x/

http://apple.stackexchange.com/questions/152661/write-to-ntfs-formated-drives-on-yosemite

http://computers.tutsplus.com/tutorials/quick-tip-how-to-write-to-ntfs-drives-in-os-x-mavericks--cms-21434

http://www.cnet.com/au/how-to/how-to-manage-ext2ext3-disks-in-os-x/

http://osxdaily.com/2014/03/20/mount-ext-linux-file-system-mac/



Booting Live Linux discs on an Apple Macbook

http://askubuntu.com/questions/71189/how-do-i-boot-the-live-cd-on-a-macbook-pro

https://en.wikipedia.org/wiki/List_of_live_CDs



Mac OS X Live discs are an interesting option for those who are interested in testing/trying Mac OS X without wanting to purchase hardware beforehand.

http://www.insanelymac.com/forum/topic/22193-104145-live-and-install-dvd/

http://www.insanelymac.com/forum/forum/109-os-x-livedvd/



How to install latest Mac OS X on iMac without original DVD

https://discussions.apple.com/thread/7006750Create a bootable installer for OS X Mavericks or Yosemite

https://support.apple.com/en-au/HT201372Create A Bootable OS X Yosemite DVD/USB Drive

https://discussions.apple.com/thread/6619535



https://itunes.apple.com/au/app/os-x-yosemite/id915041082?mt=12

https://developer.apple.com/osx/download/

https://beta.apple.com/sp/betaprogram/

http://www.opensource.apple.com/source/

http://www.opensource.apple.com/

http://apple.stackexchange.com/questions/151137/how-to-get-osx-yosemite-outside-the-mac-app-store

http://apple.stackexchange.com/questions/150896/sha1-hash-for-osx-10-10-yosemite-public-release

ISBN: 9781743519103

LibraryThing

Written by a Victoria Cross recipient, this is the true story of a messed up kid who made something of himself. Mark's dad died of cancer when he was young, and his mum was murdered. Mark then went through a period of being a burden on society, breaking windows for fun and generally being a pain in the butt. But then one day he decided to join the army...



This book is very well written, and super readable. I enjoyed it a lot, and I think its an important lesson about how troubled teenagers are sometimes that way because of pain in their past, and can often still end up being a valued contributor to society. I have been recommending this book to pretty much everyone I meet since I started reading it.



Tags for this post: book mark_donaldson combat sas army afghanistan

Related posts: Goat demoted Comment Recommend a book

The kids at coding club have decided that we should write an implementation of pong in python. I took a look at some options, and decided tkinter was the way to go. Thus, I present a pong game broken up into stages which are hopefully understandable to an 11 year old: Operation Terrible Pong.



Tags for this post: coding_club python game tkinter

Related posts: More coding club; Implementing SCP with paramiko; Coding club day one: a simple number guessing game in python; Packet capture in python; mbot: new hotness in Google Talk bots; Calculating a SSH host key with paramiko



Comment

You're perhaps aware of Google Translation services, and if you know more than one human language you can contribute and help to improve this service via Google Translate Community (BETA).

You also might be interested to know that Yandex, a Russian google, has their Yandex Translation Service running, which in many cases gives better translation for Russian - English pair of languages.

“How’d you solve the icing problem?”

“Icing problem?”

“Might want to look into it.”

— Iron Man (2008)

On a particularly cold Saturday morning a couple of years ago, my mobile phone couldn’t get any signal for a few hours. But I didn’t really care, because I had breakfast to eat, animals to feed, and nobody I urgently needed to talk to at the time. Also it came good again shortly after midday.

The following week the same thing happened, but for rather longer, i.e. well into the evening. This was enough to prompt me to use my landline to call Optus (our mobile phone provider) and report a fault. The usual dance ensued:

“Have you tried turning it off and on again?”

“Yes.”

“Have you tried a different handset?”

“Yes.”

“A different SIM?”

“Yes.”

“Holding the phone in your other hand?”

“Yes.”

“Sacrificing a lamb to the god Mercury?”

“Yes.”

I might be misremembering the details of the conversation, but you get the idea. Long story short, I got a fault lodged.

Later I received a call – on my mobile – asking if my mobile was working again. “Indeed it is, and you wouldn’t have been able to make this call if it wasn’t”, I replied. Then I asked what the problem had been. “Let me check”, said the support person. “Uhm… It says here there was… 100mm of ice on the local tower.”

Flash forwards to a couple of days ago, when snow fell down to sea level for the first time since 2005, and my mobile phone was dead again. I can only assume they haven’t solved the icing problem, and that maybe the local NBN fixed wireless tower suffers from the same affliction, as that was dead too for something like 24 hours.

It was very pretty though.

The launchpad API docs are OMG terrible, and it took me way too long to work out how to do this, so I thought I'd document it for later. Here's how you list all the open bugs in a launchpad project using the API:

#!/usr/bin/python import argparse import os from launchpadlib import launchpad LP_INSTANCE = 'production' CACHE_DIR = os.path.expanduser('~/.launchpadlib/cache/') def main(username, project): lp = launchpad.Launchpad.login_with(username, LP_INSTANCE, CACHE_DIR) for bug in lp.projects[project].searchTasks(status=["New", "Incomplete", "Confirmed", "Triaged", "In Progress"]): print bug if __name__ == '__main__': parser = argparse.ArgumentParser(description='Fetch bugs from launchpad') parser.add_argument('--username') parser.add_argument('--project') args = parser.parse_args() main(args.username, args.project)

Tags for this post: launchpad api

Related posts: Taking over a launch pad project; Juno nova mid-cycle meetup summary: the next generation Nova API



Comment

There’s a significant debate going on at the moment in the Bitcoin world; there’s a great deal of information and misinformation, and it’s hard to find a cogent summary in one place.  This post is my attempt, though I already know that it will cause me even more trouble than that time I foolishly entitled a post “If you didn’t run code written by assholes, your machine wouldn’t boot”.

The Technical Background: 1MB Block Limit

The bitcoin protocol is powered by miners, who gather transactions into blocks, producing a block every 10 minutes (but it varies a lot).  They get a 25 bitcoin subsidy for this, plus whatever fees are paid by those transactions.  This subsidy halves every 4 years: in about 12 months it will drop to 12.5.

Full nodes on the network check transactions and blocks, and relay them to others.  There are also lightweight nodes which simply listen for transactions which affect them, and trust that blocks from miners are generally OK.

A normal transaction is 250 bytes, and there’s a hard-coded 1 megabyte limit on the block size.  This limit was introduced years ago as a quick way of avoiding a miner flooding the young network, though the original code could only produce 200kb blocks, and the default reference code still defaults to a 750kb limit.

In the last few months there have been increasing runs of full blocks, causing backlogs for a few hours.  More recently, someone deliberately flooded the network with normal-fee transactions for several days; any transactions paying less fees than those had to wait for hours to be processed.

There are 5 people who have commit access to the bitcoin reference implementation (aka. “bitcoin-core”), and they vary significantly in their concerns on the issue.

The Bitcoin Users’ Perspective

From the bitcoin users perspective, blocks should be infinite, and fees zero or minimal.  This is the basic position of respected (but non-bitcoin-core) developer Mike Hearn, and has support from bitcoin-core ex-lead Gavin Andresen.  They work on the wallet and end-user side of bitcoin, and they see the issue as the most urgent.  In an excellent post arguing why growth is so important, Mike raises the following points, which I’ve paraphrased:

1. Currencies have network effects. A currency that has few users is simply not competitive with currencies that have many.
2. A decentralised currency that the vast majority can’t use doesn’t change the amount of centralisation in the world. Most people will still end up using banks, with all the normal problems.
3. Growth is a part of the social contract. It always has been.
4. Businesses will only continue to invest in bitcoin and build infrastructure if they are assured that the market will grow significantly.
5. Bitcoin needs users, lots of them, for its political survival. There are many people out there who would like to see digital cash disappear, or be regulated out of existence.

At this point, it’s worth mentioning another bitcoin-core developer: Jeff Garzik.  He believes that the bitcoin userbase has been promised that transactions will continue to be almost free.  When a request to change the default mining limit from 750kb to 1M was closed by the bitcoin lead developer Wladimir van der Laan as unimportant, Jeff saw this as a symbolic moment:

Disappointing. New #Bitcoin Core policy: stealth fee increases https://t.co/pir9uUOLet Zero plan to communicate this to BTC users :(

— Jeff Garzik (@jgarzik) July 21, 2015

What Happens If We Don’t Increase Soon?

Mike Hearn has a fairly apocalyptic view of what would happen if blocks fill.  That was certainly looking likely when the post was written, but due to episodes where the blocks were full for days, wallet designers are (finally) starting to estimate fees for timely processing (miners process larger fee transactions first).  Some wallets and services didn’t even have a way to change the setting, leaving users stranded during high-volume events.

It now seems that the bursts of full blocks will arrive with increasing frequency; proposals are fairly mature now to allow users to post-increase fees if required, which (if all goes well) could make for a fairly smooth transition from the current “fees are tiny and optional” mode of operation to a “there will be a small fee”.

But even if this rosy scenario is true, this begs the question of how high fees can become before bitcoin becomes useless.  1c?  5c?  20c? $1?

So What Are The Problems With Increasing The Blocksize?

In a word, the problem is miners.  As mining has transitioned from a geek pastime, semi-hobbyist, then to large operations with cheap access to power, it has become more concentrated.

The only difference between bitcoin and previous cryptocurrencies is that instead of a centralized “broker” to ensure honesty, bitcoin uses an open competition of miners. Given bitcoin’s endurance, it’s fair to count this a vital property of bitcoin.  Mining centralization is the long-term concern of another bitcoin-core developer (and my coworker at Blockstream), Gregory Maxwell.

Control over half the block-producing power and you control who can use bitcoin and cheat anyone not using a full node themselves.  Control over 2/3, and you can force a rule change on the rest of the network by stalling it until enough people give in.  Central control is also a single point to shut the network down; that lets others apply legal or extra-legal pressure to restrict the network.

What Drives Centralization?

Bitcoin mining is more efficient at scale. That was to be expected[7]. However, the concentration has come much faster than expected because of the invention of mining pools.  These pools tell miners what to mine, in return for a small (or in some cases, zero) share of profits.  It saves setup costs, they’re easy to use, and miners get more regular payouts.  This has caused bitcoin to reel from one centralization crisis to another over the last few years; the decline in full nodes has been precipitous by some measures[5] and continues to decline[6].

Consider the plight of a miner whose network is further away from most other miners.  They find out about new blocks later, and their blocks get built on later.  Both these effects cause them to create blocks which the network ignores, called orphans.  Some orphans are the inevitable consequence of miners racing for the same prize, but the orphan problem is not symmetrical.  Being well connected to the other miners helps, but there’s a second effect: if you discover the previous block, you’ve a head-start on the next one.  This means a pool which has 20% of the hashing power doesn’t have to worry about delays at all 20% of the time.

If the orphan rate is very low (say, 0.1%), the effect can be ignored.  But as it climbs, the pressure to join a pool (the largest pool) becomes economically irresistible, until only one pool remains.

Larger Blocks Are Driving Up Orphan Rates

Large blocks take longer to propagate, increasing the rate of orphans.  This has been happening as blocks increase.  Blocks with no transactions at all are smallest, and so propagate fastest: they still get a 25 bitcoin subsidy, though they don’t help bitcoin users much.

Many people assumed that miners wouldn’t overly centralize, lest they cause a clear decentralization failure and drive the bitcoin price into the ground.  That assumption has proven weak in the face of climbing orphan rates.

And miners have been behaving very badly.  Mining pools orchestrate attacks on each other with surprising regularity; DDOS and block withholding attacks are both well documented[1][2].  A large mining pool used their power to double spend and steal thousands of bitcoin from a gambling service[3].  When it was noticed, they blamed a rogue employee.  No money was returned, nor any legal action taken.  It was hoped that miners would leave for another pool as they approached majority share, but that didn’t happen.

If large blocks can be used as a weapon by larger miners against small ones[8], it’s expected that they will be.

More recently (and quite by accident) it was discovered that over half the mining power aren’t verifying transactions in blocks they build upon[4].  They did this in order to reduce orphans, and one large pool is still doing so.  This is a problem because lightweight bitcoin clients work by assuming anything in the longest chain of blocks is good; this was how the original bitcoin paper anticipated that most users would interact with the system.

The Third Side Of The Debate: Long Term Network Funding

Before I summarize, it’s worth mentioning the debate beyond the current debate: long term network support.  The minting of new coins decreases with time; the plan of record (as suggested in the original paper) is that total transaction fees will rise to replace the current mining subsidy.  The schedule of this is unknown and generally this transition has not happened: free transactions still work.

The block subsidy as I write this is about $7000.  If nothing else changes, miners would want $3500 in fees in 12 months when the block subsidy halves, or about $2 per transaction.  That won’t happen; miners will simply lose half their income.  (Perhaps eventually they form a cartel to enforce a minimum fee, causing another centralization crisis? I don’t know.)

It’s natural for users to try to defer the transition as long as possible, and the practice in bitcoin-core has been to aggressively reduce the default fees as the bitcoin price rises.  Core developers Gregory Maxwell and Pieter Wuille feel that signal was a mistake; that fees will have to rise eventually and users should not be lulled into thinking otherwise.

Mike Hearn in particular has been holding out the promise that it may not be necessary.  On this he is not widely supported: that some users would offer to pay more so other users can continue to pay less.

It’s worth noting that some bitcoin businesses rely on the current very low fees and don’t want to change; I suspect this adds bitterness and vitriol to many online debates.

Summary

The bitcoin-core developers who deal with users most feel that bitcoin needs to expand quickly or die, that letting fees emerge now will kill expansion, and that the infrastructure will improve over time if it has to.

Other bitcoin-core developers feel that bitcoin’s infrastructure is dangerously creaking, that fees need to emerge anyway, and that if there is a real emergency a blocksize change could be rolled out within a few weeks.

At least until this is resolved, don’t count on future bitcoin fees being insignificant, nor promise others that bitcoin has “free transactions”.

[1] http://www.coindesk.com/bitcoin-mining-pools-ddos-attacks/ “Bitcoin Mining Pools Targeted in Wave of DDOS Attacks” Coinbase 2015

[2] http://blog.bettercrypto.com/?p=1131 “Block Withholding Attacks – Recent Research” N T Courtois 2014

[3] https://bitcointalk.org/index.php?topic=327767.0 “GHash.IO and double-spending against BetCoin Dice” mmtech et. al 2013

[4] https://www.reddit.com/r/Bitcoin/comments/3c8tq2/questions_about_the_july_4th_bip66_fork/cstgajp “Questions about the July 4th BIP66 fork”

[5] https://twitter.com/petertoddbtc/status/608475414449778688 “350,000 full nodes to 6,000 in two years…” P Todd 2015

[6] https://getaddr.bitnodes.io/dashboard/?days=365 “Reachable nodes during the last 365 days.” Bitnodes.io

[7] https://bitcointalk.org/index.php?topic=532.msg6306#msg6306 “Re: Scalability and transaction rate” Satoshi 2010

[8] http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg08161.html “[Bitcoin-development] Mining centralization pressure from non-uniform propagation speed” Pieter Wuille 2015

My good friends at the Amateur Radio Experimenters Group (AREG), an Adelaide based Ham radio club, have organised a special FreeDV QSO Party Weekend on Sat/Sun September 12/13th. This is a great chance to try out FreeDV, work VK5 using open source HF digital voice, and even talk to me!

All the details including paths, frequencies, and times over on the AREG site.

This is the entire complaint that was received:

We are an IT security company from Spain.

We have detected sensitive information belonging to Banesco Banco Universal, C.A. clientes.

As authorized representative in the resolution of IT security incidents affecting Banesco Banco Universal, C.A., we demand the deletion of the content related to Banesco Banco Universal, C.A, clients. This content violates the law about electronic crime in Venezuela (see “Ley Especial sobre Delitos Informáticos de Venezuela”, Chapter III, Articles 20 y 23).

Note the complete lack of any information regarding what URLs, or even which site(s), they consider to be problematic. Nope, just “delete all our stuff!” and a wave of the “against the law somewhere!” stick.

Keynote: Consequences of an Insightful Algorithm

by Carina C. Zona

Carina gave a fantastic talk of the very real consequences of our interactions with data mining and the algorithms used to target us. A must watch when the video comes out.

Update: Video is now available here. Slides are over there.

Adventures in pip land

by Robert Collins

A humorous and contructive talk on the pitfalls of pip. Strongly recommended that people no longer use it.

Arrested Development - surviving the awkward adolescence of a microservices-based application

By Scott Triglia

• Logging is a super power.
• Be explicit
• Measure everything
• Scale via automation

Rapid prototyping with teenagers

by Katie Bell

• Run coding camps and competitions for kids with no prior experience required.
• Courses and competitions designed to bootstrap kids into programming basics.

Test-Driven Repair

by Christopher Neugebauer

• Bad tests are better than no tests.
• Write tests early.
• Results in better interfaces.
• Clearer separation.
• Write tests first.
• An interface is anything that gives OK isolation to the code you want to test.
• Good interfaces tests will test very branch.
• Measure all the things.
• Measure setup time
• Measure execution time
• Run tests thoroughly nightly.
• Make it easy to translate a bug report into a test case.
• Retain your test cases and run them regularly.

Playing to lose: making sensible security decisions by assuming the worst

by Tom Eastman

• Minimise the attack surface.
• Reduce the privileges of the account used by the app.
• Eliminate SQL injections.
• White list input validation.
• "Escape" all data appropriately.
• Use Content Security Policy to protect against cross site scripting.
• Don't have all your eggs in one basket.
• You can always have better logging. Off site logging is useful.
• Take a look at the ELK stack.

• 10 Awful (But Funny) Résumés That People Actually Submitted http://t.co/KZqroMVRWp 16:33:02, 2015-08-01
• Assessment: Identify Your Entrepreneurial Personality Type (HBR) http://t.co/pVLTqfdQyp 14:19:00, 2015-08-01
• Why Gen-Y men aren’t the Dads they thought they’d be http://t.co/5qd3oHO7iW 14:19:02, 2015-07-31
• Coal not good for reducing poverty, Oxfam report says http://t.co/zKH5xmSTU7 #auspol 10:42:12, 2015-07-31
• Lack of transparency in political donations is a recipe for corruption http://t.co/NkBbtFycyh #auspol 10:42:01, 2015-07-28
• Virtual Reality for the masses could account for a third of all digital video consumption within two years http://t.co/ACt7K1ryeq 16:33:08, 2015-07-27

ISBN: 1447290496

LibraryThing

I don't read as much as I should these days, but one author I always make time for is John Scalzi. This is the next book in the Old Man's War universe, and it continues from where The Human Division ended on a cliff hanger. So, let's get that out of the way -- ending a book on a cliff hanger is a dick move and John is a bad bad man. Then again I really enjoyed The Human Division, so I will probably forgive him.



I don't think this book is as good as The Human Division, but its a solid book. I enjoyed reading it and it wasn't a chore like some books this far into a universe can be (I'm looking at you, Asimov share cropped books). The conclusion to the story arc is sensible, and not something I would have predicted, so overall I'm going to put this book on my mental list of the very many non-terrible Scalzi books.



Tags for this post: book john_scalzi combat aliens engineered_human old_mans_war age colonization human_backup cranial_computer personal_ai

Related posts: The Last Colony ; The Human Division; Old Man's War ; The Ghost Brigades ; Old Man's War (2); The Ghost Brigades (2) Comment Recommend a book

We’ve finally had time to finalise Korora 22 and images are now available. I strongly recommend downloading with BitTorrent if you can.

We are not shipping Adobe Flash by default from 22 onwards, due to consistent security flaws. We still include the repository however, so users can install via the package manager or command line if they really want it:



sudo dnf install flash-plugin

Alternatively, install Google Chrome which includes the latest version of Flash.

Also, KDE 4 is not available for this release, so if you are not ready to move to KDE 5, then please stick to Korora 21.

The list of available wifi channels is slightly different from country to country. To ensure access to the right channels and transmit power settings, one needs to set the right regulatory domain in the wifi stack.

Linux

For most Linux-based computers, you can look and change the current regulatory domain using these commands:

iw reg get iw reg set CA

where CA is the two-letter country code when the device is located.

On Debian and Ubuntu, you can make this setting permanent by putting the country code in /etc/default/crda.

Finally, to see the list of channels that are available in the current config, use:

iwlist wlan0 frequency OpenWRT

On OpenWRT-based routers (including derivatives like Gargoyle), looking and setting the regulatory domain temporarily works the same way (i.e. the iw commands above).

In order to persist your changes though, you need to use the uci command:

uci set wireless.radio0.country=CA uci set wireless.radio1.country=CA uci commit wireless

where wireless.radio0 and wireless.radio1 are the wireless devices specific to your router. You can look them up using:

uci show wireless

To test that it worked, simply reboot the router and then look at the selected regulatory domain:

iw reg get Scanning the local wifi environment

Once your devices are set to the right country, you should scan the local environment to pick the least congested wifi channel. You can use the Kismet spectools (free software) if you have the hardware, otherwise WifiAnalyzer (proprietary) is a good choice on Android (remember to manually set the available channels in the settings).

Keynote: Designed for education: a Python solution

by Carrie Anne Philbin

Excellent keynote on using Python in education. Many interesting insights into what's being done well, what needs improving and how to contribute.

Slow Down, Compose Yourself - How Composition Can Help You Write Modular, Testable Code

by Amber "Hawkie" Brown

• Modularity and testability traits are desirable.
• Tests are the only way ti ensure your code works
• When designing a system, plan for these traits
• Fake components can be used to return hard to replicate conditions ie: a database returning "no more space"
• Ensure you have correctness at every level.
• Suggests using practices from better (functional programming) languages like Haskell with Python.

Tales from Managing an Open Source Python Game

by Josh Bartlett

• Trosnoth is a 2D side scrolling game.
• Team strategy game
• Involve people at every step of the process.
• Have a core group of interested people and allow them to contribute and become involved to increase commitment.
• Build community.
• Get people excited
• Be prepared to be wrong.
• Encourage people to be involved.
• Start with "good enough".
• Re-writing everything blocked contributions for the period of the re-write.
• Look for ideas anywhere.
• Mistakes are a valuable learning opportunity.
• Your people and your community are what makes the project work.

Ansible, Simplicity, and the Zen of Python

by Todd Owen (http://2015.pycon-au.org/schedule/30057/view_talk?day=saturday)

• Ansible is a push model of configuration management and automation.
• Pull model of Chef and Puppet is unnecessarily complex.
• Ansible's simplicity is a great asset
• Graceful and clear playbooks.
• Simple is better than complex.
• Complex is better than complicated.
• Flat is better than nested.
• Ansible modules are organised without hierarchy.
• Ansible only uses name spaces for roles.
• Explicit is better than implicit. Implicit can become invisible to users.
• Ansible id very consistent.
• Simple by design.
• Easy to learn.

Docker + Python

by Tim Butler

• Prefers to think of containers as application containers.
• Docker is an abstraction layer focussed on the application it delivers.
• Easy, repeatable deployments.
• Not a fad, introduced 15 years again.
• Google launch over 2 billion containers per week.
• Docker is fast, lightweight, isolated and easy.
• Rapidly changing and improving.
• Quickly changing best practices.
• Containers are immutable.
• No mature multi-host deployment.
• Security issues addressed via stopping containers and starting a patched one (milliseconds)
• Simple and clear subcommands.
• Docker compose for orchestration.
• Docker machine creates to the Docker host for you.
• Future
• Volume plugin
• New networking system so it actually works at scale.

Testing ain't hard, even for SysAdmins

by Geoff Crompton

• Salt stack provides:
• configuration management
• loosely coupled infrastructure coordination.
• Orchestration
  • remote execution
  • discovery
• unittest 101
• create a test directory
• write a test
• gave an example of a "hello world" of tests.
• uses unittest.main.
• Nose extends unittest to better facilitate multiple unit tests.
• Mock allows the replacement of modules for testing.
• Keep tests small.

Python on the move: The state of mobile Python

by Russell Keith-Magee

• iOS
• Claims Python on mobile is very viable.
• Most of the failing bugs are not services you want on mobile anyway.
• libffi problems needs to be resolved.
• Android
• Compiler issues not quite resolved.
• libffi problems needs to be resolved.
• What not Jython? Does not compile on Android. Nor will many of it's dependencies.
• Jython is probably not the right solution anyway.
• Thinks you may be able to compile Python directly to Java...uses Byterun as an example.
• Kivy works now and worth using.
• His project Toga is coming along nicely.
• Admits he may be on a fools errand but thinks this is achievable.

Journey to becoming a Developer: an Administrators story

by Victor Palma

• The sysadmin mindset of get things fixed as fast as possible needs to be shed.
• Take the time to step back and consider problems.
• Keep things simple, explicit and consistent.
• Do comments in reStructured Text.
• Unless you're testing, you're not really coding.
• Tools include tox and nose.
• Don't be afraid to experiment.
• Find something you are passionate about and manipulate that data.

Guarding the gate with Zuul

by Joshua Hesketh

• Gerrit does code review.
• Zuul tests things right before they merge and will only merge them if they pass.
• Only Zuul can commit to master.
• Zuul uses gearman to manage Jenkins jobs.
• Uses NNFI - nearest non-failing item
• Use jenkins-gearman instead of jenkins-gerrit to reproduce the work flow.

OpenStack: A Vision for the Future

by Monty Taylor

• Create truth in realistic acting
• Know what problem you're trying to solve.
• Develop techniques to solve the problem.
• Don't confuse the techniques with the result.
• Willingness to change with new information.

What Monty Wants

• Provide computers and networks that work.
• Should not chase 12-factor apps.
• Kubernetes / CoreOS are already providing these frameworks
• OpenStack should provide a place for these frameworks to work.
• By default give a directly routable IP.

inaugust.com/talks/a-vision-for-the-future.html

The Future of Identity (Keystone) in OpenStack

by Morgan Fainberg

• Moving to Fernet Tokens as the default, everywhere.
• Lightweight
• No database requirement
• Limited token size
• Will support all the features of existing token types.
• Problems with UUID or PKI tokens:
• SQL back end
• PKI tokens are too large.
• Moving from bespoke WSGI to Flask
• Moving to a KeystoneAuth Library to remove the need for the client to be everywhere.
• Keystone V3 API...everywhere. Focus on removing technical debt.
• V2 API should die.
• Deprecating the Keystone client in favour of the openstack client.
• Paste.ini functionality being moved to core and controlled via policy.json

Orchestration and CI/CD with Ansible and OpenStack

by Simone Soldateschi

• Gave a great overview of OpenStack / CoreOS / Containers
• All configuration management sucks. Ansible sucks less.
• CI/CD pipelines are repeatable.

Practical Federation

by Jamie Lennox

• SAML is the initially supported WebSSO.
• Ipsilon has SAML frontend, supports SSSD / PAM on the backend.
• Requires Keystone V3 API everywhere.
• Jamie successfully did live demo that demonstrated the work flow.

Privesep

by Angus Lees

• Uses Linux kernel separation to restrict available privileges.
• Gave a brief history of rootwrap`.
• Fast and safe.
• Still in beta

OpenStack Works, so now what?

by Monty Taylor

• Shade's existence is a bug.
• Take OpenStack back to basics
• Keeps things simple.