

Spamhaus strikes again (with the CBL, as usual)

Just a very short post to explain why I haven’t been approving new comments for the last 10 days. On April 2, the geniuses from Spamhaus pretended they detected a “Trojan called Win32/Zbot (Microsoft)” on the server. That’s funny, because it damned looks like a Windows-specific Trojan yet this server is definitely running Linux. Even though this first detection was also the last, the server’s IP wasn’t removed from the infamous retarded CBL list (Composite Blocking List), which admittedly doesn’t work based on actual spam sent but on “suspicious” behavior. Or if you’re into movies, this would be like the Minority Report list.

My current e-mail provider, Fastmail, which provides great features BUT has a much more retarded anti-spam arsenal than Gmail or Outlook, simply silently discarded all e-mails because of that bogus listing. And voilà, this is how I didn’t receive the notifications… Say thank you to the web-nazis from Spamhaus and their blind worshipers at Fastmail…

Posted in web filtering.


How to compile and install DNScrypt (dnscrypt-proxy) on OpenSUSE

DNScrypt is a tool that allows you to send your DNS queries to something else than your ISP’s DNS servers, while also encrypting those DNS requests to prevent snooping. I’m not sure how useful it is if you’re using a VPN, but I’m more of an SSH tunnel guy and as far as I saw, about every program except Firefox (when configured properly) will still perform its DNS requests in the wild instead of via the SSH tunnel, which is kind of retarded as it defeats the purpose of the tunnel… So that’s where DNScrypt comes in handy.

I found it quite trivial to use on Windows (except that setting a custom DNS server doesn’t seem to work – on a side note, this test page is great to check whether or not you are currently using OpenDNS as your DNS server), but on OpenSUSE it’s quite tougher to set up, as you’ll have to compile it yourself. Still, with the instructions it should be easy enough (plus in the end it works better than on Windows ;))

First, install some required stuff (may be more or less depending on what is already installed on your system – if more is required, the output on ./configure should be most helpful in finding out the missing dependency):

zypper in gcc
zypper in -t pattern devel_C_C++

Then, download and install latest libsodium (it’s a dependency for which OpenSUSE doesn’t provide packages either):

wget http://download.dnscrypt.org/libsodium/releases/libsodium-0.4.5.tar.gz
tar xf libsodium-0.4.5.tar.gz
cd libsodium-0.4.5
./configure
make && make install

Then you need to run ldconfig (just type ldconfig in the console). I have no idea of what it does, but if you don’t do it the ./configure for dnscrypt-proxy will most likely fail with a message like:

configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
configure: error: ./configure failed for src/libevent-modified

Finally, download and install the latest dnscrypt-proxy:

wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.3.3.tar.bz2
tar xf dnscrypt-proxy-1.3.3.tar.bz2
cd dnscrypt-proxy-1.3.3
./configure
make && make install

That’s it, you can already run it in console using:

dnscrypt-proxy

However, by default, it will use OpenDNS servers. And OpenDNS is actually anything but open, so you may want to switch to a more neutral provider. A list of providers can be found on http://dnscrypt.org/. To use a specific provider you’ll simply have to add some more parameters to the call, like:

dnscrypt-proxy --resolver-address=178.216.201.222:2053 --provider-name=2.dnscrypt-cert.soltysiak.com --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21

Last but not least, you must now configure your connection to use 127.0.0.1 as DNS resolver. In OpenSUSE, this is done via network connection management: for each connection, click “Edit”, then in the IPv4 Address tab, configure method to “Automatic (DHCP) addresses only”, and then set DNS servers to 127.0.0.1. You may want to set DNS servers to ::1 in the IPv6 Address tab, but I didn’t try that since my ISP doesn’t support IPv6 yet.

And now that’s really it: you should be using DNScrypt. To make sure you are, you can stop dnscrypt-proxy and see that when it’s stopped you can’t access websites (NB: try this on websites that you didn’t visit very recently, otherwise their DNS records may be cached by your browser or by the system).
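
A stricter check than stopping the proxy, as an added example that is not part of the original post: the script lists any nameserver in a resolv.conf-style file that is not loopback (what remains when a connection is not set to “addresses only”), and checks that a --provider-key has the 16 groups of four hex digits shown above. It assumes the system resolver reads /etc/resolv.conf; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the dnscrypt-proxy setup described above.
# Function names and the sample file below are constructed for illustration.

# Print every nameserver in a resolv.conf-style file that is not a loopback
# address (127.0.0.0/8 or ::1). Any output means the system can still send
# plain DNS queries past the local dnscrypt-proxy.
non_loopback_nameservers() {
    awk '
        /^[[:space:]]*[#;]/ { next }            # skip comment lines
        $1 == "nameserver" && NF >= 2 {
            if ($2 ~ /^127\./ || $2 == "::1") next
            print $2
        }
    ' "$1"
}

# Succeed only if the argument looks like a provider key as written on the
# command line above: 16 colon-separated groups of 4 hex digits (32 bytes).
# This catches a key truncated or mangled when pasted into a boot script.
valid_provider_key() {
    printf '%s\n' "$1" | grep -Eqx '([0-9A-Fa-f]{4}:){15}[0-9A-Fa-f]{4}'
}

# Constructed sample: DHCP has left a second, non-local resolver in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample resolv.conf
search example.lan
nameserver 127.0.0.1
nameserver 192.0.2.53
; nameserver 198.51.100.1
nameserver ::1
EOF
leaks=$(non_loopback_nameservers "$sample")
rm -f "$sample"

if [ -n "$leaks" ]; then
    echo "plain DNS still possible via: $leaks"
else
    echo "all nameservers are loopback"
fi
```

On the real system, call `non_loopback_nameservers /etc/resolv.conf` after editing each connection; an empty result means only the local proxy is configured as resolver.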

Of course, this isn’t a very convenient setup so far, and you may want to look up how to configure this as a daemon automatically launched at boot time. I give here brief instructions, if you need more details see http://perseosblog.com/security-encrypt-traffic-dnscrypt/.

nano /etc/init.d/after.local

at the end, add:

exec /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --resolver-address=178.216.201.222:2053 --provider-name=2.dnscrypt-cert.soltysiak.com --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21

I’m not sure how necessary the PID file is, but I preferred not to try to mess up with it. Now your setup is complete: your DNS requests are encrypted, sent via DNScrypt to a DNS server different from OpenDNS (or not), and that setup is automatically loaded at start-up. Enjoy :)

Posted in cryptography, Internet, Linux, privacy.


The face is the ultimate biometric data

When people ask me why I don’t want to post my photo on internet or any digital document, I usually reply with the (semi-) joke that the face is biometric data and that as such, I don’t want to diffuse it just like they probably wouldn’t want to diffuse their DNA details or their fingerprints (although the latter might sadly become a habit with all the fingerprint readers getting included into the latest smartphones “just for your security because we know you’re too limited to remember a proper password”).

The face is biometric data

However, with the recent story about that silly (18 year old) “kid” (yay, when the objective is to get the public’s pity he’s a young kid, a few days before he was a brilliant young entrepreneur lending GoPro cams, go figure…) who videotaped the city of Nancy from a drone and doesn’t understand the privacy implications of this (not to mention the security ones – I mean the physical harm of getting your skull crushed by a drone falling from 30-50 meters high), I gave it some more thought. And I came to the conclusion that photo being some usual biometric data is indeed a semi-joke, as it is in fact the ultimate biometric data, as I’ll show below.

The face is officially recognized as one of the best ways to identify people (says Captain Obvious)

It’s been used for a very long time in ID documents, notably in the French ID card from its beginning in 1912-1917 (article in French), along with the fingerprints.
On a side note, the ID card became mandatory in 1940 under the Vichy administration (that’s the administration who collaborated with the Nazis). I’m not saying that having a picture of everyone was a fascist’s dream, but… well at least that could have been. It became non-mandatory again in 1955, although I wish you good luck to open a bank account without an ID card or a passport…

It’s about as unique as DNA

Two people may have two very similar DNAs just like 2 people may have very similar faces, in both cases it’s possible yet very unlikely. Even though you probably know a couple of persons who do look a bit alike among your friends, you probably have no pair that you really can’t distinguish (and if you do, I suppose they are twins – probably real twins, who do share about the same DNA?). Elvis doubles get a haircut like him, clothes like him, mimic his facial expressions, etc, but even though they tend to look alike, you can tell they’re not the real thing not just because you know the original is dead and used to sing much better, but also because he didn’t have exactly the same face.

It can be recognized by machines…

This wasn’t the case a couple of decades ago, which is why the general public still seems poorly aware of this, or at least of its implications, but facial recognition is quite trivial nowadays. Well, not trivial, but the tools to do it easily do exist (example). Basically, what you see in NCIS is fairly accurate in that respect.
Facebook does it (unless you configure it otherwise, they detect faces in the pictures you upload and are able to suggest friends’ names that match). The RATP (the company that runs the Paris metro system) planned to do it on its CCTV system, but they backed off when the general public became aware of the project and was quite upset about it.

…And it can be directly recognized by people too

And that’s a very unique feature for a biometric data. Usually it takes some computer, or at least (historically) a very thorough manual examination (like, to manually compare a fingerprint to a series of known fingerprints) to identify biometric data. With faces, computer recognition is possible as we saw, but humans are very good at recognizing faces too. And when they aren’t, it’s a proper medical condition called prosopagnosia.

It changes with time… but we know how! (well, partially)

A limitation of the face compared to DNA or fingerprints is that it changes in time. You may think at first that this breaks down the house as an ultimate biometric data, but it’s not really the case. Because those changes are, in a good proportion, deterministic. Don’t you recognize your old good friends from high school or even below, even when you haven’t seen them in a decade or more? Well, the computer should be able to too. Ongoing research on face aging simulation looks quite promising.
Clearly, this changing face will remain a weakness compared to DNA and such. But it’s quite a moderate one, because not only we are/will be able to predict face aging quite accurately, but also because we usually have recent enough pictures: predicting the aging of a few years, or even a decade, is much less of a challenge than predicting how a 20 year old young adult will look like when he retires at 70.

It can be taken from a large distance…

To get a DNA sample, you need to touch the person (or get an object they used, like a glass). Same goes for fingerprints. This is of course not the case of pictures. The picture of the iris (for iris recognition) would be a bit intermediate as I suppose you need to get decently close to obtain a good enough iris scan.

…And by the average Joe

You don’t have people around you taking your DNA samples and fingerprints and reporting them to a central authority on a regular basis, do you? Well, with faces, you often do! Tourists, the photo-maniac at your diner (at your table… or not), the narcissistic idiot taking a “selfie” with you in the remote background, etc, etc: lots of people take lots of photos without caring much about people included by accident… And then they most often upload them “into the cloud”. I.e., their smartphone, which is actually often smarter than them, sends your face on the servers of some big data mining corporation such as Google, usually with geolocalization data and the timestamp.

Last but not least, it’s super cheap

Not only is it as good as DNA and fingerprints, it’s also cheaper than the former and about as cheap as the latter:
- cost of a photo: ~0.
- cost of facial recognition software and facial database: similar to DNA recognition and database, I suppose, but it’s a one-time or fixed cost.
The cost to use that is then about the same if you want to identify one face or a few thousands of them. Not really the case with DNA, with which each sample requires some reagents to be analyzed (even though those tend to quickly get cheaper)

Conclusion

Don’t give your face to people and entities you wouldn’t give a DNA sample and fingerprints to.

Posted in privacy.


How to (efficiently) multiply all rows of a matrix by a vector in R

If you’re reading this, you most likely know that using for() loops isn’t an efficient way to do a high amount of computations in R. Vectorizing the code is a must if you want to get the best possible performances.

So, to multiply all rows of a matrix by a vector, we’ll first look at how to multiply all columns by a vector. Straight to the code:
A=matrix(1,3,3);
b=c(1,2,3);
A*b;

That’s right, the ‘*’ operator just does that when used on a matrix and a vector. So a first obvious solution is to transpose the matrix, do the multiplication, and then transpose it back:
A=matrix(1,3,3);
b=c(1,2,3);
t(t(A)*b);

And that’s it already.

Still, you may be interested to know that R also features the sweep() function, which can also be used to do that, and more. It’s not needed in this case, but maybe for more complex situations you’ll find it handy. The code would be:
A=matrix(1,3,3);
b=c(1,2,3);
sweep(A,2,b,'*');

The first argument is the matrix, the second is 2 for row and 1 for column, the third is the vector, and the last is the operator you want to apply. This might work with functions too, like apply(), although I didn’t check that.

Posted in programming, R (R-project).


Five reasons why it’s great to be single on Valentine’s Day

Ever felt like that today?

Today is Friday, not Valentine's day

Well, you shouldn’t, and here are five reasons why Valentine’s Day is actually brilliant for singles.

Fewer commuters in the bus…

…at your usual commuting evening hours, because the other bus parasites leave early to meet their mates. Get your very own bus on this day only!*

*should work with the subway, too, except that you won’t get the whole train.

Fewer people at the gym

Ever been attacked during a BodyAttack? Well, this definitely won’t happen today, as most of your fellow gymers will be stuck with their significantly non-gymer other. Claim your very own 10 square meters of gymfloor today!

Save time

No need to spend an evening at a boring restaurant or some other place. Also works with the days before: no need to pick a gift, no need to buy flowers, etc.

Save money

On said gift and/or flowers (at the only time of the year where they’re somehow worth more per ounce than gold), restaurant, and whatever. Seriously, you’ll save an average of $135: you just got richer!
On a side note, don’t forget that demonstration about money and problems and stuff.

Last but not least…

…don’t be a sheep. And maybe meet another great non-sheeple (at the gym) ;)

You had me at fuck the system

PS: a big thanks to “Kitkachu” for sending me the main contents of this :) Even though that was totally off-topic I’m always glad to post fun contents if you guys feel like sharing some

Posted in funnies, Totally pointless.


Cheap trick to justify your blog posts’ text in WordPress

I tend to prefer justified text to ugly irregular line ends, but WordPress themes tend to prefer the latter. Never mind, it’s actually quite trivial to fix, if you don’t mind quick’n dirty solutions.

First, note that I’m using the Carrington Blog theme. Most likely, other themes will be modifiable in a similar way. Basically, all posts are contained within a div of class “entry-content”. So all you have to do is go to the theme editor (Appearance → Editor), find the appropriate css file (for Carrington, it’s css.php, for other themes it will most likely be different but if you just search for any file with “css” in it, you should quickly find the right one), and at the end, add:
.entry-content {text-align:justify;}

Then save, and go to your blog (you’ll probably need to purge your browser cache and refresh, aka CTRL+F5 in Firefox) to see the result :)

Posted in WordPress.


Flash player 12.x and 13.0.0.182 for portable browsers (32 and 64 bits)

Skip to the download links if you’re too lazy to read or if you already know what you’re doing

Finally, about 2 years and a half after Flash 11, Adobe recently released Flash 12, and quite quickly later, Flash 13 (current version being 13.0.0.182). I don’t think there’s anything major in this release, the previous version was 11.9.x and I guess they preferred 12.0.x rather than getting into 11.10.x and such. I have no idea about the changelog, although from previous experience on the 11.x branch, it’s probably mainly security and bug fixes. The Linux version was discontinued at version 11.2 (although they still update this one with security fixes, current version being 11.2.202.336, which you can grab there), so probably even Adobe see Flash’s end coming. Which will be a sad day for me too, because quite a few people land here thanks to it ;) although much fewer lately because it seems Google hates me since last summer :( (I guess I can say it now that the traffic coming from them shredded to the point it became almost negligible, so even if they bury me even more I shouldn’t feel much difference – for instance, yesterday’s traffic: Bing + Duckduckgo brought me half the traffic Google brought)

Anyway, the usual mentions:

1) If you’re planning to use this with Tor, you should also plan to say goodbye to IP anonymity (which I believe is the main reason for using Tor): Flash will connect without much regards for your Tor Browser proxy settings so it can leak your IP to someone willing to get it. Well, maybe there’s a way to make it safer, but seriously using browser plugins such as Java and Flash while trying to be anonymous is like trying to win a race while starting late on purpose.

2) To “install” it into your portable browser, grab the correct files (either 32 or 64 bits) and put it in the plugin folder (which you may need to create yourself), which is:

  • Firefox Portable: Data/plugins + set plugins.load_appdir_plugins to true in about:config
  • Opera USB: program/plugins
  • Iron or Chrome Portable: Iron/plugins

I’m pretty sure Flashplayer.xpt is useless, but I include it because it’s tiny and some people do look for it.
Also, I haven’t actually used any portable browser in a loooong while, so if those instructions are outdated, don’t hesitate to let me know (let’s beat the record number of comments set around Flash player 11 ;)).

3) Last but not least, this is not a magic portable Flash, this is just a repack of the original Flash stuff to make it easier to “install” manually on a device where you don’t have admin rights. So, Flash will, as usual, store the infamous LSO (Local Shared Objects) “cookies” in a system location (in %APPDATA%\Macromedia\Flash Player), and you’ll want to delete the stuff in there at the end of your session if you’re also concerned about not leaving tracks and not just about running Flash stuff.

Ok, now I shut up and here is the zip containing NPSWF32_13_0_0_182.dll, FlashPlayerPlugin_13_0_0_182.exe, NPSWF64_13_0_0_182.dll and flashplayer.xpt (the first 2 are the 32 bits version, the third is the 64 bits, and the last is here for, hm, decoration ^^). They are hosted primarily on Uploaded.to, which should keep a back up “indefinitely”, and on my server, where only the latest version is guaranteed to be maintained (the previous ones may be obtained with a trivial URL manipulation, but whenever I change hosting I drop the older versions, so no guarantee that this will always work). I will also try to upload them to demo2.ovh.net, because some people have reported issues (well, company filtering issues) connecting to the other 2 places, but they delete files after 30 days there, so obviously this will only be suitable for grabbing the latest release while it’s hot.

For developers, here is also the debug version 11.7.700.202 (yes, I don’t upload this one quite regularly because I guess not many people need it – if you do need a more recent debug version let me know).

Older 12.x versions

Even older versions (<12)

Cf previous post, Flash player 11.9.900.170 for portable browsers (32 and 64 bits)

Posted in Flash, portable software.


PyCrypto binaries and how to compile (on Windows)

PyCrypto is a library for Python 2.x/3.x which provides many cryptographic functions such as AES, etc. However, due to export restrictions they don’t provide binaries, and they seem to be quite a pain to compile.

If you’re wondering how to compile it, I found this guide which seems detailed enough: http://yorickdowne.wordpress.com/2010/12/22/compiling-pycrypto-on-win7-64/.

On the above-mentioned page, they also provide an old build (version 2.3.1). If you need a more recent version, this page http://www.voidspace.org.uk/python/modules.shtml#pycrypto has binaries of PyCrypto 2.6 (but also 2.3 and even 2.1), compiled for specific versions of Python (2.6, 2.7, 3.2 and 3.3 for PyCrypto 2.6, 2.4 to 2.7 for PyCrypto 2.1 and 2.3).

Just in case, I mirrored 2 of those here:
pycrypto-2.3.1.win7x64-py2.7x64.7z (PyCrypto 2.3.1 for Python 2.7 from the tutorial)
pycrypto-2.6.win-amd64-py3.3.exe (PyCrypto 2.6 for Python 3.6 64 bits from the second link with many different builds)
Note that I only tested pycrypto-2.3.1.win7x64-py2.7x64.7z, but the others were mentioned in a cryptography class so probably quite a few people used them successfully ;)

Posted in cryptography, programming.


A couple (non-free) alternative email hosting providers

I recently decided that I was tired of Gmail catching so many false positives into their spam folders (effectively breaking the forward-only old accounts I still have there for people who can’t be bothered to update their contact list) and of Hotmail silently discarding an apparently increasing amount of legitimate e-mails. Not to mention Yahoo’s crazy outgoing filters. The reason I stuck with those (well, mostly Hotmail aka now Outlook) was because of the large amount of storage at a hard to beat price, with also quite decent – yet perfectible – interfaces.

But time passes, storage gets cheaper, web technologies get better, and, well, I thought maybe paid offers got decent now. So I went searching for some. With just one criterion: I didn’t want it to be under French or US jurisdiction. I found this nice, few months old discussion from someone with a similar query, and ended up trying 2 solutions:

1) runbox.com: they’re based in Norway and care at least a bit about privacy issues. They offer a 14-day trial. Unfortunately, I quickly realized that their webmail interface is seriously outdated, plus they didn’t provide advanced forwarding features and DNS options that I was hoping for. Storage is quite expensive, too, with not really decreasing prices ($34.95/year for 5GB, $49.95/year for 10GB, $79.95/year for 15GB).

2) fastmail.fm: the company is based in Australia, but the servers are mostly in US… yet they said they only respond to legal requests filed in Australia. I guess that will be good enough, that’s better than Gmail/Hotmail/Yahoo anyway, plus I encrypt important e-mails anyway. The name sounded familiar, and indeed after looking at their Wikipedia page I read they were owned by Opera from 2010 to 2013, which is probably how I heard about them (I tried Opera Mail a while back).
Their webmail is really quite smooth, much more than Hotmail (which has been very slow and a bit buggy for me since the migration to Outlook), with the only drawback that it wastes a lot of horizontal space. Storage is decent for the larger offers (1GB for 20$/year, but 15GB for 40$/year or 60GB for 120$/year), and on the top of that they seem to provide a huge amount of advanced features: they can handle your domains’ DNS (NB: up to 50 domain names), or you can just point your domain MX records to them, then you can create aliases (up to 500 aliases) and forward them externally (just like I do at the moment with my own server, except that I probably don’t do it optimally and often end up in a spam folder), etc. Really, a lot of options, on condition that you take at least the 15GB offer (the smaller ones have more limited features, notably no custom domain name). They say you can easily upgrade AND downgrade whenever you want, too. And finally, this comes with a 60 days trial so you can look around and see if all goes well for you without the precipitation of a shorter, 1 or 2 week long trial. I’m only on my first day, so there’s probably some more cool stuff that I haven’t found yet ;)

On a side note, Rackspace provide a 15GB mailbox with unlimited archiving for 2$(mailbox) + 3$(archiving) per month, but they require a minimum amount of 5 mailboxes, so 25$/month. Plus of course they are US.

Posted in Uncategorized.


Where to find VLC nightly APKs for android

VLC for Android is not completely ready yet, and the release schedule of betas can seem a bit slow if the latest one suffers from a bug that annoys you. Plus you can only download them from Google Play (which means you need to connect there from your phone, using the Google Play app, with a Google account, unless you want to resort to cool but time-consuming workarounds like APK downloader). So in the end, I decided to switch to nightlies, which, like betas, are usually stable enough, even though you may have to try a few before finding a good one.

I’ve often had issues finding the proper download links, so here you go:
- VLC download server with all latest nightlies: http://nightlies.videolan.org/build/android-armv7/ (NB: you can browse around for other OSes, like Windows) In case nightlies got broken and you don’t want to spend time trying many, today’s nightly (VLC-debug-20140115-0113.apk) seems to work just fine.
- Bonus, the Git repository of the VLC port for Android: http://git.videolan.org/?p=vlc-ports/android.git;a=summary

Posted in Cyanogenmod, multimedia, VLC.