Ramblings of Juraj

Are We Going to Be Slaves of Algorithms?

Server idnes.cz published an interview with Josef Šlerka, an expert on new media (translation by Google Translate). He warns that we can become slaves to algorithms that we do not understand. This issue has been raised repeatedly in the media. I don’t doubt that algorithms are much more important in our lives than ever before. I also do not think that we understand all algorithms - neural networks are especially problematic in this regard, because we do not know exactly why the network made a particular decision. We can only tell how well the network performs given the inputs and outputs used during the training phase. Corner cases are sometimes unknown and analytical understanding of extreme situations is quite difficult. Let me, however, explain my slightly different and less pessimistic view on the role of algorithms in our lives.

Mr. Šlerka mentioned an experiment in which Lukasz Barabasz showed that, given location information about people over a longer time period, he is able to predict a person’s location the next day at a given time. He used data collected from cell towers. The problem in this case is not the prediction algorithm - it is quite simple, it performs pretty well and in this case we understand it pretty well too. We are just predictable. If there is something to worry about in this example, it is the possibility to collect the data (which Mr. Šlerka also mentions). There is an even scarier algorithm that can identify a particular person by their movement itself (even if it is recorded with a different device). Our movement is like a fingerprint.

The problem is not the algorithm. The algorithm is like a mathematical equation - once you invent it, it exists. Inventions like this cannot be “undone” - it is not possible to forget or ban them once they are out. An algorithm is like an idea. If we really care about our privacy, blaming the algorithms will not help. We need to make sure that these algorithms do not have enough inputs to do things we do not want them to do. Is it possible to create anonymized mobile phones, where the operator knows how much to bill us but does not know our location at any time? I bet it is possible, but is there enough consumer demand?

The quote used in the headline of the article reads (translation from Czech is mine): “With the advent of technology and applications of artificial intelligence and neural networks, the majority of people lose their understanding of what a computer does and how it makes its decisions. In other words, we become slaves to algorithms we do not understand.”

Let’s talk about two different methods of decision-making, i.e. “table-based” decisions and “fuzzy” decisions. Computers have been criticized for being too discrete, for having no smooth decision area. They were not human enough. An example of a “table” decision process is deciding whether an ATM (algorithm) or a bank clerk (person) should let you withdraw money from your account. Both decisions are based on the same table: if the available account balance is greater than or equal to the amount the customer wants to withdraw, the customer gets their money. If it is less, the withdrawal is not allowed. The algorithm is the same for human beings and machines and we understand it very well.

How about a loan? A bank clerk can say “This customer looks insincere” or “he was too nervous.” Alternatively, the officer does not trust that the underlying business plan of a company asking for a loan is sound. This is not a table-based decision - the bank representative decides on the basis of their feeling, which can be justified, but surely cannot be explained in exact terms. Another bank clerk could decide differently.

The algorithm for bank loans is (or can be) similar to this line of thinking. We taught the algorithm that people with a certain credit profile do not pay back. The input can be: financial behavior (as learned from the customer’s history in the bank), age, number of children or any other additional information available to the bank. If the algorithm is based on a neural network, it could just say “loan rejected”. No explanation. In most cases, the neural network’s output is a score on some scale (for example 0 to 1), in which case a negative decision is something closer to zero (or less than some predefined threshold). We do not know why exactly the network’s output is a particular score.

A common example used by critics of algorithms is high-frequency trading (HFT). HFT algorithms have been used very successfully for several years. A human being simply cannot make decisions about buying and selling a variety of asset classes several times per second. Can they cause a crisis? A common example of how they can get “crazy” is the book The Making of a Fly by Peter Lawrence, which sold on the Amazon marketplace for $1,730,045.91 due to an algorithm that set this price. The problem was that there were two competing algorithms. They go through the Amazon marketplace, try to find rare products and offer them at a higher price than other sellers. When someone buys the book from a seller with a higher price (e.g. due to the higher reputation of the seller), the author of this algorithm orders the book from a dealer with a lower price. When it arrives, they deliver it to the final customer and keep the price difference as profit. It gets interesting when the original item is sold out and the only vendors left are the automated trading bots. They start raising prices to top the best available seller. And depending on the periodicity of checking and harvesting the marketplace, the price keeps going up. Neither of the sellers has the goods available. They rely on each other for delivering the nonexistent product. The algorithm tries to make a profit and these corner conditions are not accounted for - so they get “crazy” while seeking profit…

Are we different? In 1636-1637 we witnessed one of the first bubbles. In the Netherlands, tulips became popular and everyone wanted this beautiful flower (or its bulb, actually). Many people wanted it because of its inherent beauty, but a lot more people noticed the price increase and wanted to buy cheap and sell for more later. The result was a bubble and its collapse. In the winter of 1636-1637, some bulbs changed hands ten times a day. During the peak of the bubble in February 1637, some bulbs sold for more than ten times the annual income of a skilled craftsman. People went crazy for a while. Do algorithms really behave differently from us, or are they just getting more similar to us? Isn’t that what worries us?

Shai Danziger of the University of the Negev did interesting research on the Israeli judicial system. He examined the results of 1112 parole hearings. The judges had an average of 22 years of experience and their decisions accounted for 40% of parole decisions during the investigated 10-month period. The results are quite uncomfortable for justice: judges were much less likely to decide in favor of parole before their morning snack, before lunch and before the end of working hours. Parole was granted in up to 20% of cases. Immediately after a meal, the chance of a positive decision was 65%. Note that this is no small statistical error, but a significant difference.

Our decisions are controlled by a number of factors we do not understand. The neural network in our brain makes decisions that we not only don’t understand, but that are not even consistent. The level of certain hormones in our body, mood, concentration, hunger and even the lighting bias us. These biases are significant and affect the lives of people around us (such as judges granting or not granting parole based on when they ate).

If we are asking ourselves whether we are slaves to algorithms we do not understand, I would first ask: Aren’t we slaves to senseless human decisions we do not understand right now? The algorithm decides consistently and if it is flawed, we can at least quickly find out and fix it. Can we fix people this way?

Personally, I would neither overestimate nor underestimate the role and threat of algorithms. They are tools for people. Let’s talk about what data is collected about us. That is what gets abused. Whether it is a person looking at the data or a highly efficient algorithm does not make such a difference. What external organizations (or people, companies, states) have power over our lives? Rather than adding algorithms to what we should “fight against”, I decided to become interested in the necessary condition for their functioning - data collection. Let’s not fear the algorithms. Let’s fight against everything we can control that limits our freedom. Whether it’s an algorithm, a hungry judge or a greedy state backed by the wrong econometric model…

Experiments With ZRTP and FreeSwitch

ZRTP is a very important project for securing your voice communication. I started playing with Jitsi, Acrobits Softphone and FreeSWITCH.

What I found out after the initial configuration of ZRTP for FreeSwitch is that FreeSwitch attempts to negotiate the ZRTP keys itself and acts as a trusted man in the middle. I wanted to avoid that and provide end-to-end encryption. The magic option that allows direct passthrough of ZRTP to the endpoint is enabling:

<!--Uncomment to set all inbound calls to proxy media mode-->
<param name="inbound-proxy-media" value="true"/>

in conf/sip_profiles/internal.xml.

Another funny thing I found out is how many bots are out there trying to abuse my softswitch. This happened a few hours after setting up FreeSwitch on a public IP (one that had never been used as a SIP server before). I ran tcpdump capturing only UDP on 5600:

[root@softswitch ~]# strings output.pcap |wc -l
37235
[root@softswitch ~]# strings output.pcap |grep To: | wc -l
2833
[root@softswitch ~]# strings output.pcap |grep To:| uniq | head -n 5
To: "J" <sip:1001@203.0.113.7>
To: "J" <sip:1001@203.0.113.7>;tag=U4SvF45vSBeeN
To: "J" <sip:1001@203.0.113.7>
To: "J" <sip:1001@203.0.113.7>;tag=vDKNHZp0pm40g
To: <sip:1001@203.0.113.7>
[root@softswitch ~]# strings output.pcap |grep To:| uniq | tail -n 5
To: 700972597727055 <sip:700972597727055@203.0.113.7>;tag=Uy4Dmj5jN0NHB
To: 700972597727055<sip:700972597727055@203.0.113.7>
To: 700972597727055 <sip:700972597727055@203.0.113.7>
To: 700972597727055 <sip:700972597727055@203.0.113.7>;tag=v7X6NDppj9B4p
To: 001972597727055 <sip:001972597727055@203.0.113.7>;tag=jD1e4yDKFgD9j
[root@softswitch ~]# strings output.pcap |grep -i nonce| uniq | head -n 10
Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="9613eafe-5920-11e2-84ca-eb9dba96f036",uri="sip:00972592819732@203.0.113.7",response="264f1ab22fa5dacafc01387032228446",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="96dbcfa6-5920-11e2-84cc-eb9dba96f036",uri="sip:000972592819732@203.0.113.7",response="512df72182d278d705a2160ba15f4a0f",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="97630552-5920-11e2-84ce-eb9dba96f036",uri="sip:900972592819732@203.0.113.7",response="a45fc82a1d632a8890f777716b7935f5",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="0b1a9a5a-5926-11e2-84d4-eb9dba96f036",uri="sip:00972592819732@203.0.113.7",response="c5590c623d654384f83ff04da785a197",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="0c7a5b10-5926-11e2-84d6-eb9dba96f036",uri="sip:000972592819732@203.0.113.7",response="f581d146cb370170764fa8f54bd4b360",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="0dc65ae6-5926-11e2-84d8-eb9dba96f036",uri="sip:900972592819732@203.0.113.7",response="d522d9a645bd6b3a47a8d5091b73b0f4",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2020",realm="203.0.113.7",nonce="811aaa42-592b-11e2-84de-eb9dba96f036",uri="sip:00972592819732@203.0.113.7",response="407a62e3cc1dcadad13e5e672a8cdb88",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2020",realm="203.0.113.7",nonce="826543b2-592b-11e2-84e2-eb9dba96f036",uri="sip:000972592819732@203.0.113.7",response="f803d9c9687217fc97829bc317933c6e",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="2020",realm="203.0.113.7",nonce="83df2bfe-592b-11e2-84e4-eb9dba96f036",uri="sip:900972592819732@203.0.113.7",response="5e11b2531e86709427c9eea542203cd9",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
Proxy-Authorization: Digest username="301",realm="203.0.113.7",nonce="2e81b5a4-592c-11e2-84e9-eb9dba96f036",uri="sip:00972597727055@203.0.113.7",response="156ef65fecbe325882b48b555ec92cd4",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5

For those not that familiar with UNIX, this basically means that there are bots (or botnets) out there trying to brute-force your password and call out. That means you need to change your password before running FreeSwitch for the first time.
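To make that judgement from a capture mechanical rather than eyeballing grep output, here is an added example (my own code, not from the original post or from FreeSwitch) that parses Proxy-Authorization lines of the kind shown above and flags the brute-force fingerprint visible in them: one cnonce reused across many server nonces and several usernames while nc stays at 00000001, which a phone registering once would not do. The sample lines are constructed, modelled on the capture with shortened nonces and response values.

```python
"""Spot SIP Digest brute-force attempts in header lines pulled out of a capture.

Added example, not part of the original post. Input is the kind of line that
'strings output.pcap | grep -i nonce' prints.
"""
import re
from collections import defaultdict

# key="quoted value" or key=bare value, as they appear in a Digest header.
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

# Constructed sample lines modelled on the capture above (nonces and responses shortened).
SAMPLE_HEADERS = [
    'Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="n1",uri="sip:00972592819732@203.0.113.7",response="aa",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5',
    'Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="n2",uri="sip:000972592819732@203.0.113.7",response="ab",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5',
    'Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="n3",uri="sip:00972592819732@203.0.113.7",response="ac",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5',
    'Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="n4",uri="sip:900972592819732@203.0.113.7",response="ad",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5',
    'Proxy-Authorization: Digest username="301",realm="203.0.113.7",nonce="n5",uri="sip:00972597727055@203.0.113.7",response="ae",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5',
    # A legitimate phone registering once: its own cnonce, one nonce, one user.
    'Authorization: Digest username="1001",realm="203.0.113.7",nonce="n6",uri="sip:203.0.113.7",response="af",cnonce="7d0c2f9e11a3b4c5",nc=00000001,qop="auth",algorithm=MD5',
]


def parse_digest(line):
    """Return the parameters of one '...Authorization: Digest ...' line as a dict, or None."""
    _, sep, params = line.partition("Digest ")
    if not sep:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM_RE.finditer(params)}


def find_bruteforce(lines, min_attempts=3):
    """Group attempts by cnonce and report every cnonce that was used for at least
    min_attempts distinct (username, nonce) pairs with nc still at 1."""
    attempts = defaultdict(set)   # cnonce -> {(username, nonce)}
    dialed = defaultdict(set)     # cnonce -> {number in the Request-URI}
    for line in lines:
        p = parse_digest(line)
        if not p or "cnonce" not in p or p.get("nc") != "00000001":
            continue
        attempts[p["cnonce"]].add((p.get("username"), p.get("nonce")))
        uri = p.get("uri", "")
        user_part = (uri[4:] if uri.startswith("sip:") else uri).split("@")[0]
        if user_part.isdigit():
            dialed[p["cnonce"]].add(user_part)
    findings = []
    for cnonce, pairs in sorted(attempts.items()):
        if len(pairs) >= min_attempts:
            findings.append({
                "cnonce": cnonce,
                "attempts": len(pairs),
                "usernames": sorted({u for u, _ in pairs}),
                "dialed": sorted(dialed[cnonce]),
            })
    return findings


if __name__ == "__main__":
    for f in find_bruteforce(SAMPLE_HEADERS):
        print(f"cnonce {f['cnonce']}: {f['attempts']} attempts, "
              f"usernames {f['usernames']}, dialed {f['dialed']}")
```

On a real capture, feed `find_bruteforce` the output of the `strings | grep -i nonce` pipeline above; the reported usernames tell you which extensions are being guessed and the dialed numbers what the bot would call if a guess succeeded.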

I used a good (although older) tutorial about getting started with FreeSwitch.

Moral Reform by Ztohoven: An Ultimate Hack

Almost nobody would have guessed that the speech of Czech MP David Rath would start a moral reform in the country. Rath was arrested and charged with receiving bribes in May 2012. He had a chance to explain what happened to other MPs, who would then vote on his political immunity. His words were not addressing his fellow MPs. He was looking at the cameras and trying to create a sentiment in the Czech nation. He pointed out other cases of corruption. The moral reform was not coming from his words or from his heart. It was happening in parallel to his speech. And he was the only one who did not notice.

In contrast to his fellow citizens, Karel Schwarzenberg (minister of foreign affairs) was not moved by Rath’s words. He did what every sane person in that situation would do - he fell asleep. From that place where dreams melt into the reality of TV cameras filming bored politicians, he sent a text message to Karolína Peake (Deputy Prime Minister of the Czech Republic).

Miss Peake was not moved by Rath’s heart-breaking speech either. The cameras caught her black ThinkPad, as she was sitting right behind the speaker, but we could not see its screen. We could read her face though, and it kept saying: “I don’t care what’s around me, I am doing something more important”. Probably reading e-mail. Or browsing Facebook. She almost forgot that the whole country was watching her. Then she woke up - from the place where we escape when we wait at the doctor’s office - when her phone vibrated. She had received a text. Although we already know what it said, at that time we could only see her reaction: she smiled, her hand swept through her hair and she got a rush of energy. She probably decided to share that text with someone…

Karel Schwarzenberg (TOP 09) -> Karolína Peake (independent)

“Watching what goes on these days, I realize that we need to stop doing that. We need to do something, something important. Something that will change our whole society from scratch”

A few minutes later something unexpected happened in the house of parliament. No, David Rath did not apologize for his corrupt behaviour. His speech was still directed at citizens, trying hard to make them emotional. He probably learned that from the heart-breaking speeches of many other politicians who use this technique to influence the public. Something was in the air. Whispering started in the house of parliament.

Jan Hamáček (ČSSD) -> Alexandr Vondra (ODS)

“We all have something on each other - a mutual deadlock. I feel really bad about it. Moral reform is the only way out of it. Let’s grasp this opportunity”.

More and more of these text messages (SMS) started to spread - between MPs, between heads of political parties, between press representatives and journalists. In both directions. Everyone was joining the moral reform. Everyone wanted to know more. The texts were promising a press conference that would explain the concept of moral reform to journalists and citizens. Rath had not finished yet, but something was going on here. How is it possible that Karel Schwarzenberg managed to write a message while sleeping? How is it possible that colleagues sitting next to each other exchanged messages without even touching their phones? The answer was in the text. “Moral reform is the only way out of it.” (“Morální reforma je jediná možnost jak z toho ven”)

Ztohoven is a Czech art group that is formed and then dismantled with every action they do. They became famous when they transformed the giant neon heart at Prague Castle (seat of the president) into a large red question mark. Their most famous artwork is their pirate broadcast of a nuclear explosion above the Krkonoše mountains on Czech Public Television (see more in the documentary about this project - English subtitles included). The project “Media Reality” was seeking an answer to the question “Do people believe in what the media present to us as reality?”. The TV cameras that broadcast live footage from Czech ski resorts (even during the summer) apparently were not secured that well. This group of artists managed to feed their own signal to the transmitter instead of the live feed, replacing colorful panoramas of the Czech countryside with an atomic blast. This did not cause nation-wide panic, but a discussion about questions like “What is art?” and “Does this threaten the public?”. The discussion ended up in court…

Ztohoven prepared a documentary (in co-production with Czech TV - which is really nice, considering their previous conflict about the explosion) about their other project. Its name, Občan K. (Citizen K.), is inspired by Franz Kafka. It is about identity and identification. What would it be like to be someone else for a while? How would it be to renounce your own identity? Twelve members of the group decided to try it on themselves. They took pictures of themselves in black T-shirts and used image morphing software to create “inter-identities” - a little bit of me and a little bit of the other guy. Then they took the photo and requested a new state-issued ID card (in the Czech Republic - unlike other countries - you bring your own photo to use)…

When they had this new ID card, they requested a passport, a visa to China, a gun permit and even a wedding certificate - during the wedding, the groom and the best man had to swap places, because their identities were exchanged and the bride wanted her husband’s real name on the certificate.

According to the state, we are all equal. They do not care about us as long as we pay taxes, do not break the law and generally get out of the way. The bureaucrats do not communicate with people, but with rows in the database and their ID cards. The human being is usually only there to hand over the ID card to the state employee. They only notice a face when they try to compare the picture on the ID to the face of its owner. From that point on, we are just a record in the database. You can find more about the project in the documentary Občan Ztohoven, which is right now in Czech cinemas and will be touring world documentary film festivals soon.

Projects of the group do not take place in a gallery - they occur in “public space”. Museums and galleries are only visited by hipsters and tourists anyway. “Public space” as their location is almost the only thing the projects have in common - it is very difficult to predict their next project.

Members of the group rarely have control over the result of a project. Most people learn about them from the media and that means they only get to know the media interpretation. It is very interesting that the public is almost always on their side. Although public support is very important (even in court), the members never know what consequences their projects will have. When they were sending the texts to the members of parliament, they could have changed a vote or caused panic. But did they want to do that? Did they want to cause panic or change votes? It’s sad that the media wrote that “Hackers attacked mobile phones of members of parliament”. The content - the Moral Reform - was probably not as interesting as the hacker attack. MPs did not disapprove of the project (how could someone disapprove of Moral Reform?), but they never spoke about it. The media focused on the fact that someone could send fake text messages and get hold of the phone numbers of most MPs, the president and relevant journalists. They did not focus on the fact that our world needs a real moral reform. Maybe that’s the reason the members of Ztohoven call their projects “media sculptures” - they can lay the foundation stone, but the resulting shape of the project is usually formed by the media. And most foreign media totally ignored this project. What a pity.

People usually do not like to think about structures - in a mathematical sense. Almost everyone is interested in means and content, not in relations between objects. People are interested in who voted for and who voted against something (this is actually the better case - when people are interested at all). Few people are interested in the actual meaning of a law. There is little discussion about the power structure of the parliament - who tells the MPs how to vote (no, they do not read all the laws they vote for). Moral Reform is much more than a mirror of the morality of politicians. It shows the structure of power in the Czech Republic (see the project’s web page at www.ztohoven.com/mr/index-en.html). You can see who communicates with the media and who tells the members of political parties how to vote. Who is a carrier of change and who is a voting puppet? I suggest checking out the text messages not in a list, but in the graphic representation of parliament, where you can see how information spreads. Of course this interpretation of the structure of power was created by members of Ztohoven, but it is very scary when you think about how the dramaturgy and “screenplay” resembles reality. When one politician showed the journalists the fake text he got from Radek John and let them take a picture, he did not realize that there was an older message from the same politician that said “Skokan pacified”. Both Petr Skokan, MP for Věci veřejné, and Radek John decided not to comment…

Sometimes I wish we had Ztohoven in our country. There are not many people who ask the right questions. There are almost none who ask the difficult ones. I am trying to imagine what would happen if the Moral Reform really happened - if politicians really decided to end corruption and be better. If they understood that they are here to serve us. Maybe it’s evolutionary - those who are politicians are there because they have the ability to speak well in front of people, to touch their hearts and transfer emotion. About doubling wages, about security, the economy, the nation, education, Europe and the bright future… And for some reason, people base their “voting” on that. If the only thing people in the parliament are capable of is speaking to the hearts of people, are they capable of real transformation from inside? Are they capable of moral reform? Every politician is able to tell the public that they let go of their past and focus on the future. Are they capable of actually doing it?

Václav Klaus, president of Czech Republic -> heads of political parties

“Mister chairman, I urgently ask you to come to the Castle today. I would like to talk to you about the Moral reform.”

It is sad that this text came from a dream of Ztohoven and, even though all heads of political parties actually received it, it was not sent from the phone of the president. We are still waiting for the moral reform to come…

Backing Up Your Github Repositories

I put a lot of my free software to Github lately. Github is nice, it allows community forks and other great things. But what if it is gone? For that, we have backups. Do we?

We should.

Addy Osmani wrote about backing up your Github repositories. He gave three solutions. The second one did not work for me and I was too lazy to debug it, the third one required Haskell and some additional libraries (I will learn Haskell, but not at 6am), so I adapted the first solution. It is pretty simple, but it used the Github v2 API, which is no longer supported.

So the updated version is here; I also added some shell escaping (although if you back up someone else’s repository, I suggest checking for filename-significant characters too).

This backs up all your public repositories (that’s what I use). I use it with duplicity for secure backup (and restore), encrypting on the client side (please take good care of your PGP private key if you do this).
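As an added example (my own code, not the adapted script from this post, which is linked rather than shown), here is how the same backup can be driven from the current v3 API listing, with the filename check suggested above built in. It assumes the listing is the JSON array returned by GET /users/{user}/repos with name and clone_url fields; the user name and the sample listing are constructed.

```python
"""Build safe 'git clone --mirror' commands from a Github repository listing.

Added example, not the script from the original post. Repository names are validated
before they become paths, and the clone URL must be exactly the one Github would give
for that name, so a crafted entry can neither inject a git option, point at another
host, nor escape the backup directory.
"""
import json
import re
import shlex
import subprocess
import sys
import urllib.request
from pathlib import Path

# Github repository names use letters, digits, '.', '-' and '_'; '.' and '..' are
# additionally rejected so a name can never resolve outside dest_dir.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")

# Constructed listing in the shape of GET /users/{user}/repos (assumed v3 API fields).
SAMPLE_USER = "example-user"
SAMPLE_LISTING = json.dumps([
    {"name": "rss2kyberia", "clone_url": "https://github.com/example-user/rss2kyberia.git"},
    {"name": "bad name; rm -rf /", "clone_url": "https://github.com/example-user/bad.git"},
    {"name": "..", "clone_url": "https://github.com/example-user/...git"},
    {"name": "ok2", "clone_url": "https://evil.example/ok2.git"},
])


def is_safe_repo_name(name):
    return bool(_SAFE_NAME.match(name)) and name not in (".", "..")


def backup_commands(listing_json, user, dest_dir):
    """Return (commands, skipped): one argv list per acceptable repository, plus the
    names of rejected entries. Existing mirrors are updated instead of re-cloned."""
    prefix = f"https://github.com/{user}/"
    commands, skipped = [], []
    for repo in json.loads(listing_json):
        name = str(repo.get("name", ""))
        url = str(repo.get("clone_url", ""))
        if not is_safe_repo_name(name) or url != f"{prefix}{name}.git":
            skipped.append(name)
            continue
        target = Path(dest_dir) / f"{name}.git"
        if target.exists():
            commands.append(["git", "--git-dir", str(target), "remote", "update", "--prune"])
        else:
            # '--' stops git from reading anything after it as an option.
            commands.append(["git", "clone", "--mirror", "--", url, str(target)])
    return commands, skipped


def as_shell_line(argv):
    """Quoted form for a log or a cron file; subprocess below does not need it."""
    return " ".join(shlex.quote(a) for a in argv)


def fetch_listing(user):
    """Download the first page (up to 100 repositories) of the user's public repos."""
    req = urllib.request.Request(
        f"https://api.github.com/users/{user}/repos?per_page=100",
        headers={"Accept": "application/vnd.github+json", "User-Agent": "repo-backup"},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


def main(user, dest_dir):
    commands, skipped = backup_commands(fetch_listing(user), user, dest_dir)
    for name in skipped:
        print(f"skipping suspicious entry {name!r}", file=sys.stderr)
    for argv in commands:
        print(as_shell_line(argv))
        subprocess.run(argv, check=True)


if __name__ == "__main__":
    main(sys.argv[1], sys.argv[2])
```

Run it as `python backup.py <user> <dest_dir>` from cron, then point duplicity at `<dest_dir>`. Passing an argv list to `subprocess.run` rather than a shell string is what makes the escaping question moot; `as_shell_line` exists only for the log. With more than 100 repositories, follow the Link header for further pages.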

Report From 29c3

Chaos Communication Congress (CCC or C3 for short) is traditionally held between Christmas and New Year. This date is chosen not only because most hackers are free during this time, but also because organizers like to avoid people who go to conferences to escape their job and actual work. An unusual but effective solution.

[photo: FeCr]

In addition to the traditional time, the place was traditional too - at least for the older ones among us. The 29th Congress returned from Berlin to the original city of CCC - Hamburg. The acronym of this year’s conference is 29C3 (29th Chaos Communication Congress). The tagline of this year’s congress is “Not My Department”. The name suggests something most hackers don’t like to see - someone (especially an official) making excuses about something being beyond their competence.

If some of the descriptions of lectures sound interesting, feel free to check them online at http://bit.ly/Zd2ZGR - the streams are free.

The conference was opened by a keynote address by Jacob Appelbaum. As the author of Tor and a Wikileaks collaborator, he has experienced what it is like to come into conflict with a powerful state. Interrogations lasting hours at airports are common practice, yet he has never been accused of anything. Jacob tried to inspire hackers to develop technologies that support individual freedom - privacy, anonymity, circumventing censorship. Later, he also delivered a technical lecture on the Tor ecosystem - programs and libraries that people can use (with Tor) for anonymous access/posting and circumventing censorship. Sadia Afroza Islam and Aylin Caliskan gave a lecture on stylometry that reminded us that anonymity is not easy - even if you are using a completely anonymous connection to the Internet, your writing style can give you up. The authors presented their toolkit for stylometry (JStylo) and partial anonymization of writing style (do not trust it for strong anonymity though).

[photo: 29C3 Hamburg Tag 1]

The traditional theme of the congress is hacking GSM communication. This time it was not focused on the interception of communication. Sylvain Munaut presented his “hack” - creating a BTS (base transceiver station in a GSM network) from an old Motorola C123 mobile phone with his own firmware. Thus, it is possible (under controlled conditions) to create your own GSM network, which is able to send short text messages (SMS). The phone must be connected at all times to a computer that is running an OpenBTS clone, so the Motorola C123 is used as a GSM radio peripheral.

A GSM network - along with DECT and VoIP networks (which are all interconnected) - has traditionally been available at the Congress. The private network was used by many attendees for intra-congress communication.

Mark van Cuijk from Holland presented his “open” GSM service provider Limesco. It allows you to adjust the routing of calls the way you want - in fact you bring mobile calls to your VoIP PBX, where you can route them or do other interesting things with them. The lecture was an overview of the background of commercial mobile operators and the various companies involved (network operator, vendor, virtual operator, …), pricing and interconnection charges.

The second top issue was the serious conflict between states and hackers. From the use of the Internet in protests (Arab Spring, Occupy movement) to so-called whistleblowing, 29C3 covered almost the full spectrum of the conflict. The highlight of this topic was a talk called “Enemies of the State: What Happens When Telling the Truth about Secret US Government Power Becomes a Crime.” It was given by two former NSA employees who worked on surveillance technology. Both left the NSA after their superiors decided to develop and deploy an interception programme called Stellar Wind, which (according to them) is intercepting and storing all communications (regardless of citizenship) without a court order. Thomas Drake said several times that this is against the U.S. Constitution. William Binney explained how the eavesdropping technology works and what the capacity of the new NSA data center being built in Utah is.

Americans are not the only ones building and using mass-surveillance technologies - Russia is now doing it too and is not so secretive about it. The “Russian way” of intercepting everything is being exported beyond the borders of Russia, and even of the original Soviet Union. Mexico decided to purchase listening technology from Russian companies, and the company persuaded the government to also adopt Russian lawful interception procedures - this means that the competent authorities receive all unfiltered traffic and then filter things out. There is no independent party to check whether they have a court order for that interception.

[photo: Pult]

Cryptology and attacks on ciphers have their own dedicated professional conferences, but the cryptographic analysis of the Russian cipher GOST was quite interesting even at the CCC. An analysis of RFID security cards was presented in a very funny and interesting way by Timo Kasper. They also described the hacking of the Prague Opencard. However, the most interesting lecture (according to us) was the one on factorization of RSA public keys (FactHacks), presented by DJB (D. J. Bernstein, author of djbdns and the qmail mail package), Nadia Heninger and Tanja Lange. They pointed out real problems in the development of encryption systems, such as insufficient entropy when generating keys. They showed a field-tested method to factorize a number of keys in parallel, and their project is available at http://factorable.net/, where you can verify whether your public key is weak and has well-known factors. An important take-away from this lecture is that it is no longer safe to use 1024-bit RSA keys.
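The shared-factor check behind that result, as an added example that is my own code and not the FactHacks tool: the moduli are built from constructed small primes so it runs instantly, and two of the three “keys” reuse a prime, which is what happens when a generator runs with too little entropy. Real keys are 1024 bits and more, but the arithmetic is identical.

```python
"""Check a batch of RSA moduli for shared prime factors.

Added example, not the FactHacks project's code. When two moduli share a prime,
gcd(n1, n2) is that prime and both keys are fully factored without any factoring
algorithm at all; that is the weakness factorable.net looks for.
"""
from itertools import combinations
from math import gcd

# Constructed "keys" from the primes 61, 53, 71, 67, 73. Key 0 and key 1 both used 61,
# simulating a generator that ran with too little entropy.
SAMPLE_MODULI = [61 * 53, 61 * 71, 67 * 73]  # 3233, 4331, 4891


def shared_factor_pairs(moduli):
    """Pairwise gcd over the batch. Returns [(i, j, p)] for each pair sharing prime p."""
    return [(i, j, g)
            for (i, n1), (j, n2) in combinations(enumerate(moduli), 2)
            if (g := gcd(n1, n2)) != 1]


def factor_weak_keys(moduli):
    """Map index -> (p, q) for every modulus broken by a shared factor."""
    factors = {}
    for i, j, p in shared_factor_pairs(moduli):
        for k in (i, j):
            factors[k] = (p, moduli[k] // p)
    return factors


def weak_indices_batch(moduli):
    """gcd of each modulus with the product of all the others, computed with prefix
    and suffix products. This is the quantity the FactHacks batch GCD obtains via a
    product tree; it scales to large batches where pairwise gcd does not. A result
    equal to the modulus itself means both primes are shared and pairwise gcd is
    needed to split it."""
    n = len(moduli)
    prefix = [1] * (n + 1)
    for i, m in enumerate(moduli):
        prefix[i + 1] = prefix[i] * m
    suffix = [1] * (n + 1)
    for i in range(n - 1, -1, -1):
        suffix[i] = suffix[i + 1] * moduli[i]
    weak = {}
    for i, m in enumerate(moduli):
        g = gcd(m, prefix[i] * suffix[i + 1])
        if g != 1:
            weak[i] = g
    return weak


if __name__ == "__main__":
    print("pairs sharing a prime:", shared_factor_pairs(SAMPLE_MODULI))
    print("recovered factors:", factor_weak_keys(SAMPLE_MODULI))
    print("batch result:", weak_indices_batch(SAMPLE_MODULI))
```

To check your own keys, replace the sample list with the moduli of the certificates or SSH host keys you operate; a key that shows up here should be replaced, and the generator that produced it should be checked for its entropy source first.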

Sebastian Schinz introduced side-channel attacks (timing). The idea of this attack is that some operations take longer and some shorter. Based on the time it takes to perform an operation, an attacker can obtain information that is not public. A textbook example is the algorithm that first verifies your user name and then your password. If the operation is (statistically) performed faster, it can be inferred that the user was not found. If it takes longer, it means that the application found the user and checked the password, so the user exists. This works even if in both cases the server replies “Incorrect user name or password”. Sebastian released a set of tools for measuring and evaluating time-based side channels and showed us some techniques to prevent these types of attacks.
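The user-name-first login described above, as an added example (my own code, not from the talk; users, salts and passwords are constructed), beside a version that does the same amount of work on both paths. Each function returns how many password hashes it computed, so the difference between the two paths can be checked without a stopwatch; `measure` shows the observable effect.

```python
"""Early-return login (timing leak) beside a constant-work version.

Added example, not code from the 29C3 talk. The user store is constructed.
"""
import hashlib
import hmac
import statistics
import time

GENERIC = "Incorrect user name or password"
ITERATIONS = 20_000  # kept low for the demo; production uses a much higher count


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, hash).
_ALICE_SALT = b"constructed-salt-alice"
USERS = {"alice": (_ALICE_SALT, password_hash("correct horse", _ALICE_SALT))}

# Dummy credentials hashed for unknown users so that path costs the same.
_DUMMY_SALT = b"constructed-dummy-salt"
_DUMMY_HASH = password_hash("not-a-real-password", _DUMMY_SALT)


def login_vulnerable(username, password):
    """Returns (ok, message, hashes_computed). Unknown users skip the hash entirely,
    so the response arrives measurably faster although the message is the same."""
    record = USERS.get(username)
    if record is None:
        return False, GENERIC, 0
    salt, stored = record
    computed = password_hash(password, salt)
    ok = computed == stored  # also not constant time, but the early return above is the big leak
    return ok, ("OK" if ok else GENERIC), 1


def login_hardened(username, password):
    """Always runs one PBKDF2 computation and a constant-time comparison, whether or
    not the user exists; only the final decision depends on the lookup."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    computed = password_hash(password, salt)
    ok = hmac.compare_digest(computed, stored) and record is not None
    return ok, ("OK" if ok else GENERIC), 1


def measure(fn, username, password, rounds=20):
    """Median wall-clock time of fn(username, password) in milliseconds."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        fn(username, password)
        samples.append((time.perf_counter() - t0) * 1000)
    return statistics.median(samples)


if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        known = measure(fn, "alice", "wrong")
        unknown = measure(fn, "nobody", "wrong")
        print(f"{fn.__name__}: known user {known:.2f} ms, unknown user {unknown:.2f} ms")
```

The order in `login_hardened` matters: the comparison runs before the `record is not None` test so that the work done is identical on both paths, and the dummy hash guarantees that a guessed dummy password still fails for unknown users. Network jitter hides small differences, but a full password-hash computation is large enough to survive it, which is why the early return is the part worth removing.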

The CCC consists of many interesting things, not only talks. Even though it is already the 29th annual conference, the organisers are not afraid to experiment. The new venue hosted nearly a hundred so-called “assemblies”, i.e. sites (from a few tables to a large hacking area) that have a common theme. Assemblies also organized workshops and technology demonstrations outside the main program. There were over 100 independent workshops that were not part of the official programme. The conference network was also interesting - peak usage was 3059 users and 40% of the traffic was IPv6. During the conference, the aggregate traffic of Hamburg increased by one third (the conference used over 8GBit/s). The conference organizers declared this usage “booooring” and concluded that people do not follow the recommendation on the screens: “Please use more bandwidth”.

A number of accompanying events, spontaneously organized workshops and meetings, interesting and high-quality lectures, and open access (low entrance fees, a conference organized purely by volunteers and a free stream) make the Chaos Communication Congress the best technical (hacking) conference at least in Europe. Sister events of the Congress are two camps, one organized by the German Chaos Communication Club and the second organized in the Netherlands. This year the Dutch camp is called Observe, Hack, Make (OHM) and tickets are already on sale at ohm2013.org. Join us in the summer, it will be an awesome event!

Migrated to Octopress

My colleague xenol showed me a beautiful blogging engine called Octopress. I decided to migrate in order to have more control over my blog, make use of a static HTML blog and experiment with something new. I wrote a tool to do the migration, which can be useful for others too.

I hope you will like this new blog. I am no web designer, so this is just a collection of my ramblings.

Janka said I need more pictures. So I am including one from 29c3 by andershh:


I also migrated rss2kyberia to Github. The code has not changed, but it seems I will be putting some more software on Github anyway. I fixed some bugs in imap-readlater, had a really interesting day, set up a new Tor relay and did a few other things. All is well.

The Death

“Your fear of death attracts such strange objects”
                         - Where are you? by Coil

A God & Goddess theme party is not much fun for an atheist. But I found a god I believe in. Before you start thinking I am mad or have moved to the dark side, read the rest of this post.

I actually believe in death for obvious reasons. It’s the “god” that does not promise, it delivers. And I believe it is a good thing. Ever since my first “near-death experience” I understood the nice effects of death. I did not die and I am not thinking about taking my life at all. It’s just there, in the future. It reminds us to spend our time wisely. It means we should remain focused, we should do things we want to do and things we love today.

A few days ago I had a dream about being terminally ill. I spoke at a panel during a boring conference and I said what needed to be said. I thought that if I have a week or so to live, I may as well use that time wisely.

I was so happy that it was just a dream. I woke up, my brain synchronized with reality and I was happy to be alive. And I still am. But the boring panel and the conference were real. I went there and said what needed to be said anyway. It was scary. But the fact that I did it was a result of this fear of death. (I heard that in most people, fear of public speaking is more paralysing than fear of death. So unfounded - our biases are weird, aren’t they?)

Everyone understands these things, these concepts. But internalizing and feeling it, having this emotion of beginning and the end makes us better - we feel more vulnerable and brave at the same time.

Next year, I am going to help people around me do what they want and love to do. Not now, not when they retire, not when they learn something, when they have enough money, now.

For that I want to thank the God of death, Mitch Altman and Jeff Marx who inspired me a lot in this.

I Just Started with Social Network Analysis course On coursera (if You Want T…


I just started with Social Network Analysis course on coursera (if you want to learn science, try coursera, especially Andrew Ng’s Machine Learning, it’s free and great:).

As it goes with hackers, we learn differently. We try stuff first and then, if it does not work, we try to figure out what’s wrong. So after the introduction, I went immediately to my favourite search engine, found Gephi for graph analysis and downloaded a Facebook graph of my friends (and some other data for groups I am involved in). There is a great tutorial for what I did by Sarah Jay. So if you want to try this out with your friends, do it, it’s super easy.

The picture is a Facebook graph of my friends. I used the Force Atlas layout algorithm, so people who are connected to each other get closer. This created two “islands” (called components in graph theory), because they have no connection to each other (other than me; I am altruistically not represented in this graph:). The green island is a group of people I met at this year’s Awesomeness Fest (except for Risa’s brother, whom I have not met and who was not at Afest, but I talk to him over Facebook, so that’s the lone green guy who has no other connection except for me and Risa). Afest was a great experience that I talk about all the time to the people in the larger island. People who have known me longer know that I always have these “masterplans” for changing everything. And of course there’s a plan that’s going to connect those two islands: I will make at least 6 connections between these islands by the end of March 2013 and some more by the end of the year :). While there’s a repulsive force in the Force Atlas layout algorithm moving these islands apart, there will be an attracting force soon, and I promise I will make these nodes jump around and sing “I feel so close to you right now, it’s a force field” (I tried that with the green guys several times, it’s fun:).

The colors of the nodes were not assigned manually by me, but by a clustering algorithm. This is really interesting. From connections alone, we can create clusters of people. Kohonen’s self-organizing maps have traditionally been used for that, but there are other algorithms. The green part is obvious, because it’s not connected to anything else. What about the other colors? It shows people from my childhood (and school) in two colors (close to each other), and people from work and the community around that in another. Of course the blue part is people I know from another “social network” - you know us Slovaks, we are either first or last in everything. There was the first Flarion implementation in Slovakia, we have the fastest broadband on earth and of course we had something better than Facebook for years before Facebook - and it’s still running. It’s Kyberia and it has friends, likes (called K! or Karma), groups and forums and a great subculture. Apart from Facebook, Kyberia.sk has crazy parties in a few cities and it’s more about community and less about “look what I have eaten today” (OK, there’s a forum for that there too:). So the blue guys are people I met using Kyberia. I have done some cool visualizations of Kyberia too if you are interested.

I have not told this to Gephi, it was all grouped together by the clustering algorithm. Facebook knows much more about us than we think.

You may have noticed that some nodes in the graph are larger than others. The size is based on the betweenness parameter, which roughly translates to how many connections in the graph run through that node. So if you want to influence me and my friends, you should go to the people with the largest node size and convince them. They will either convince me directly or convince my friends. There are my colleagues and some good friends who share a lot of connections there. But there’s also Michal Truban from WebSupport (I know one more guy by the same name). We meet very rarely in person, but we share so many friends that if you influenced him directly (or gave him a nice flu virus), it is very probable that it would spread through my real social network and get me infected. The thing is that it works the other way around too:).
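As an added example (not the author's Gephi workflow), the two graph measures the post leans on, connected components for the “islands” and betweenness centrality for node size, computed in plain Python on a constructed friend graph: two cliques joined only through one person, plus a separate island. The node names and edges are made up for the demo.

```python
from collections import deque
# Constructed friend graph (undirected): two cliques joined only via "bridge", plus an island.
EDGES = [
    ("s1", "s2"), ("s2", "s3"), ("s1", "s3"),  # school clique
    ("w1", "w2"), ("w2", "w3"), ("w1", "w3"),  # work clique
    ("bridge", "s1"), ("bridge", "w1"),        # the only link between the cliques
    ("g1", "g2"),                              # the island
]
GRAPH = {}  # adjacency sets: node -> set of neighbours
for _a, _b in EDGES:
    GRAPH.setdefault(_a, set()).add(_b)
    GRAPH.setdefault(_b, set()).add(_a)

def components(graph):
    """Connected components: the 'islands' a force layout pulls apart."""
    seen, result = set(), []
    for start in graph:
        if start not in seen:
            comp, stack = set(), [start]
            while stack:
                v = stack.pop()
                if v not in comp:
                    comp.add(v)
                    stack.extend(graph[v] - comp)
            seen |= comp
            result.append(frozenset(comp))
    return result

def betweenness(graph):
    """Brandes' algorithm: shortest paths between other node pairs passing through each node."""
    bc = {v: 0.0 for v in graph}
    for s in graph:
        order, pred = [], {v: [] for v in graph}
        sigma, dist = {v: 0 for v in graph}, {v: -1 for v in graph}
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:  # BFS from s, counting shortest paths
            v = queue.popleft()
            order.append(v)
            for w in graph[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = {v: 0.0 for v in graph}
        while order:  # accumulate dependencies in reverse BFS order
            w = order.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {v: x / 2 for v, x in bc.items()}  # undirected: each pair seen twice
```

In this graph “bridge” has the highest betweenness (9.0) although it has only two friends, which is exactly why the large nodes in the post are the ones worth influencing, or protecting.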

Ideas and viruses spread through social connections. I like this TED talk about why this is important.

About Freedom and Helping People: A Life Changing and Life Saving Stuff I Learned From a Journalist

Regarding my latest blog post (a quotation from a book I read) about “bystanders not helping people” if they are not absolutely certain they are in trouble: I remembered a story from Helsinki, Finland.

I was a part-time journalist and I was attending this conference where I saw Linus Torvalds speaking and got drunk with a top executive of a really large corporation (I can tell that people from Finland really like Vodka). But the part I remember to this day is a trip out to the city.

I somehow got in contact with a Hungarian journalist there, I think the attraction was very simple: I looked around, everyone was wearing a suit, half of the people had those always-on-ear bluetooth handsfree devices (they were cool among the “businessmen” back then). And he was just the same kind of geek as me. So we decided to explore the city together.

I asked him about the suit and whether he did not feel that he did not fit in. He replied: “Students and journalists are the two most free occupations”. Students do not need to care about what they are wearing; they should be completely free to express themselves, and that includes clothing. As for journalists, they are kind of a pain in the ass, because you cannot say a word to them. Whatever they are covering, like a conference, event or news story, other people want to look nice and try to influence you to cover their angle: basically they want you to write nicely about them. That’s why it’s free.

That was the day I decided I don’t give a shit about suits. Even when the dynamics are different - if wearing a suit would help me make a sale… Is the sale worth it? Won’t it be a difficult customer who does not appreciate what I’m doing for them, but cares about how I look? And entrepreneurship, among other things, is about freedom too, right?

And how does it relate to the “bystanders not helping people” blog post? We were walking through the main square of Helsinki and there was an old man lying on the ground. I looked, applied the label “drunk homeless” and continued walking. My new friend stopped and asked the guy if he was OK. And he told me I should always do this, because there are countless examples of people just passing by an older man or woman who has just had a stroke and applying that label (he read it from my mind - correctly). They look at them in a blink and a comic bubble appears and shows a label: “drunk homeless”. It is usually correct, but saving time by not verifying the assumption is not worth the risk - you could save a life just by asking a simple 10-second question.

I don’t remember my Hungarian friend’s name anymore and I barely remember how he looked (no suit though), but I still remember these two life lessons and I hope I will remember them for life - be free in whatever you are doing and help people even if you have no 100% certainty that they need help.

Cialdini’s Influence: Scary Passage

CAUSE OF DEATH: UNCERTAIN(TY)

All the weapons of influence discussed in this book work better under some conditions than under others. If we are to defend ourselves adequately against any such weapon, it is vital that we know its optimal operating conditions in order to recognize when we are most vulnerable to its influence. In the case of the principle of social proof, we have already had a hint of one time when it works best. Among the Chicago believers, it was a sense of shaken confidence that triggered their craving for converts. In general, when we are unsure of ourselves, when the situation is unclear or ambiguous, when uncertainty reigns, we are most likely to look to and accept the actions of others as correct.

In the process of examining the reactions of other people to resolve our uncertainty, however, we are likely to overlook a subtle but important fact. Those people are probably examining the social evidence, too. Especially in an ambiguous situation, the tendency for everyone to be looking to see what everyone else is doing can lead to a fascinating phenomenon called “pluralistic ignorance.” A thorough understanding of the pluralistic ignorance phenomenon helps immeasurably to explain a regular occurrence in our country that has been termed both a riddle and a national disgrace: the failure of entire groups of bystanders to aid victims in agonizing need of help.

The classic example of such bystander inaction and the one that has produced the most debate in journalistic, political, and scientific circles began as an ordinary homicide case in the borough of Queens in New York City. A woman in her late twenties, Catherine Genovese, was killed in a late-night attack on her home street as she returned from work. Murder is never an act to be passed off lightly, but in a city the size and tenor of New York, the Genovese incident warranted no more space than a fraction of a column in The New York Times. Catherine Genovese’s story would have died with her on that day in March 1964 if it hadn’t been for a mistake.

The metropolitan editor of the Times, A. M. Rosenthal, happened to be having lunch with the city police commissioner a week later. Rosenthal asked the commissioner about a different Queens-based homicide, and the commissioner, thinking he was being questioned about the Genovese case, revealed something staggering that had been uncovered by the police investigation. It was something that left everyone who heard it, the commissioner included, aghast and grasping for explanations. Catherine Genovese had not experienced a quick, muffled death. It had been a long, loud, tortured, public event. Her assailant had chased and attacked her in the street three times over a period of thirty-five minutes before his knife finally silenced her cries for help. Incredibly, thirty-eight of her neighbors watched the events of her death unfold from the safety of their apartment windows without so much as lifting a finger to call the police.

Rosenthal, a former Pulitzer Prize-winning reporter, knew a story when he heard one. On the day of his lunch with the commissioner, he assigned a reporter to investigate the “bystander angle” of the Genovese incident. Within a week, the Times published a long, page 1 article that was to create a swirl of controversy and speculation. The first few paragraphs of that report provide the tone and focus of the burgeoning story:

For more than half an hour thirty-eight respectable, law-abiding citizens in Queens watched a killer stalk and stab a woman in three separate attacks in Kew Gardens.

Twice the sound of their voices and the sudden glow of their bedroom lights interrupted him and frightened him off. Each time he returned, sought her out, and stabbed her again. Not one person telephoned the police during the assault; one witness called after the woman was dead.

That was two weeks ago today. But Assistant Chief Inspector Frederick M. Lussen, in charge of the borough’s detectives and a veteran of twenty-five years of homicide investigations, is still shocked.

He can give a matter-of-fact recitation of many murders. But the Kew Gardens slaying baffles him—not because it is a murder, but because “good people” failed to call the police.

My short comment on what follows: Social proof - if there’s uncertainty and others are doing nothing, people will follow the group mentality and do nothing. If you need help, address specific people and ask for help (like “you in the blue scarf, help me, call an ambulance please”).