

State of the threats on cryptocurrencies

I found this in my draft folder. It’s totally outdated so I’m publishing it unedited, with the original date, and with a few notes written 4 years later (see at the end). I hadn’t written an introduction, so it starts right away now, as a 3-point list.

1) Massive government crackdown
This one doesn’t seem very likely, since:
– legal use is rising
– illegal uses aren’t that much of an issue, since Bitcoin is actually quite traceable (I’m sure eventually they’ll catch some doing illegal business precisely thanks to blockchain analysis) (Footnote 1)
– blocking it would require quite a censorship of internet (it can technically be done, but politically that would be tough, at least in most countries – e.g. not in China)

2) Failure to deal with the outstanding technical challenges
The blockchain is growing. Faster and faster as transactions get more numerous. However, in the current design, it must be stored in full on every machine taking part in the network. At the moment it only takes up 17GB, but it may become problematic as it keeps increasing… The developers don’t seem too worried as hard drive capacity keeps increasing (Footnote 2), yet I wouldn’t be so sure storage capacity will keep increasing faster than the amount of worldwide transactions requires. (Footnote 3)

3) Dilution of the geek user base into X copycats, messing with general public adoption
Let’s face it: Bitcoin used to be a ponzi. I don’t think it was a voluntary ponzi, this aspect was just a necessary evil to get the currency started: I don’t see how it could have been possible to attract enough computing power and developers at the beginning without the incentive of greater rewards. The currency is very vulnerable when the computing power is low, so it made sense to have large rewards for mining in such a high risk context (and then as computation power grew, so did the risk and the reward). That’s also what encouraged research to create much more powerful mining devices (first FPGA then ASIC-based ones), leading to further increased security.

Now that more than half of the total bitcoins have been distributed, that the new ones are shared among a large amount of miners, and that the value reached levels which seem about right for the long term, Bitcoin isn’t a ponzi anymore. But some people who arrived late in the game want to benefit from the ponzi effect, and in that objective they create “altcoins”, which are basically copies of Bitcoin (it’s open source and free software) with a few twists. Those copycats work similarly to Bitcoin (apart from some technical details, the most notable one being that sometimes SHA-256 is replaced with scrypt), and generally require very minimal investment from their “creators”. The creators mine a lot at launch when mining is easy, and then hope their altcoin will rise in value if enough people gain interest. A real, deliberate ponzi. And those tend to literally proliferate: there are a couple hundred altcoins as I write these lines! (Footnote 4)

I believe that if those derivatives gain too much attention and adoption, this will make it a lot harder to get the general public interested in cryptocurrencies: (Footnote 5)
1) They’ll be seen, most often rightfully, as ponzis. That is, all of them, even Bitcoin.
2) It will just be confusing:
– The public is already poorly able to use several different payment systems (cf PayPal’s competitors’ market shares), imagine how it will be with different payment systems using different currencies with high conversion rate variability (Footnote 6)
– We’re used to using one currency (for me it’s the euro), adding another one is already confusing, even more when it’s not an official currency: imagine adding several…

Update (2018-07-28)

Funny thing, I actually never published this post, written on March 2, 2014, until today as I’m cleaning up my (totally overdue) draft backlog. I kept it unedited (apart from a few spelling corrections) but felt like adding a few footnotes:

1) The Bitcoin network was already monitored by law enforcement agencies since at least 2013 (as far as I remember from an article I read a few months ago, or maybe it was 2011… anyway, it was early), and it was indeed helpful in catching users that paid for illegal stuff

2) Even though this is finally seen as a real issue by a fair share of developers and technical users, proper solutions to this (very) hard problem are still lacking

3) Nowadays, all blocks are full, fee-less transactions have no chance to complete, and you surely heard of the forks that increased block size

4) I don’t know a site that lists them all anymore (not sure it even exists as there are so many tiny/unknown altcoins), but I read there are way more than 1000 altcoins now. Ponzis, ponzis everywhere :/

5) Boy was I wrong there! Looks like the general public is actually more interested in altcoins. My guess is, it’s precisely because they are ponzis and people still want to be “early adopters”…

6) The response to that was… centralization. Isn’t this great how a system built to decentralize money and bypass banks ended up with 95% of users relying on a few platforms like Coinbase? :/ People are not confused by multiple cryptocurrencies. They view it as shares more than as currencies though. To the point that they shortened “cryptocurrency” as “crypto” (not a currency anymore?)

Posted in published drafts.


The face is the ultimate biometric data

When people ask me why I don’t want to post my photo on internet or any digital document, I usually reply with the (semi-) joke that the face is biometric data and that as such, I don’t want to diffuse it just like they probably wouldn’t want to diffuse their DNA details or their fingerprints (although the latter might sadly become a habit with all the fingerprint readers getting included into the latest smartphones “just for your security because we know you’re too limited to remember a proper password”).

The face is biometric data

However, with the recent story about that silly (18 year old) “kid” (yay, when the objective is to get the public’s pity he’s a young kid, a few days before he was a brilliant young entrepreneur lending GoPro cams, go figure…) who videotaped the city of Nancy from a drone and doesn’t understand the privacy implications of this (not to mention the security ones – I mean the physical harm of getting your skull crushed by a drone falling from 30-50 meters high), I gave it some more thought. And I came to the conclusion that photo being some usual biometric data is indeed a semi-joke, as it is in fact the ultimate biometric data, as I’ll detail below.

The face is officially recognized as one of the best ways to identify people (says Captain Obvious)

It’s been used for a very long time in ID documents, notably in the French ID card from its beginning in 1912-1917 (article in French), along with the fingerprints.
On a side note, the ID card became mandatory in 1940 under the Vichy administration (that’s the administration who collaborated with the Nazis). I’m not saying that having a picture of everyone was a fascist’s dream, but… well at least that could have been. It became non-mandatory again in 1955, although I wish you good luck to open a bank account without an ID card or a passport…

It’s about as unique as DNA

Two people may have two very similar DNAs just like 2 people may have very similar faces, in both cases it’s possible yet very unlikely. Even though you probably know a couple of persons who do look a bit alike among your friends, you probably have no pair that you really can’t distinguish (and if you do, I suppose they are twins – probably real twins, who do share about the same DNA?). Elvis doubles get a haircut like him, clothes like him, mimic his facial expressions, etc, but even though they tend to look alike, you can tell they’re not the real thing not just because you know the original is dead and used to sing much better, but also because he didn’t have exactly the same face.

It can be recognized by machines…

This wasn’t the case a couple of decades ago, which is why the general public still seems poorly aware of this, or at least of its implications, but facial recognition is quite trivial nowadays. Well, not trivial, but the tools to do it easily do exist (example). Basically, what you see in NCIS is fairly accurate in that respect.
Facebook does it (unless you configure it otherwise, they detect faces in the pictures you upload and are able to suggest friends’ names that match). The RATP (the company that runs the Paris metro system) planned to do it on its CCTV system, but they backed off when the general public became aware of the project and was quite upset about it.

…And it can be directly recognized by people too

And that’s a very unique feature for a biometric data. Usually it takes some computer, or at least (historically) a very thorough manual examination (like, to manually compare a fingerprint to a series of known fingerprints) to identify biometric data. With faces, computer recognition is possible as we saw, but humans are very good at recognizing faces too. And when they aren’t, it’s a proper medical condition called prosopagnosia.

It changes with time… but we know how! (well, partially)

A limitation of the face compared to DNA or fingerprints is that it changes in time. You may think at first that this breaks down the house as an ultimate biometric data, but it’s not really the case. Because those changes are, in a good proportion, deterministic. Don’t you recognize your old good friends from high school or even below, even when you haven’t seen them in a decade or more? Well, the computer should be able to too. Ongoing research on face aging simulation looks quite promising.
Clearly, this changing face will remain a weakness compared to DNA and such. But it’s quite a moderate one, because not only we are/will be able to predict face aging quite accurately, but also because we usually have recent enough pictures: predicting the aging of a few years, or even a decade, is much less of a challenge than predicting how a 20 year old young adult will look like when he retires at 70.

It can be taken from a large distance…

To get a DNA sample, you need to touch the person (or get an object they used, like a glass). Same goes for fingerprints. This is of course not the case of pictures. The picture of the iris – for iris recognition – would be a bit intermediate as I suppose you need to get decently close to obtain a good enough iris scan.

…And by the average Joe

You don’t have people around you taking your DNA samples and fingerprints and reporting them to a central authority on a regular basis, do you? Well, with faces, you often do! Tourists, the photo-maniac at your diner (at your table… or not), the narcissistic idiot taking a “selfie” with you in the remote background, etc, etc: lots of people take lots of photos without caring much about people included by accident… And then they most often upload them “into the cloud”. I.e., their smartphone, which is actually often smarter than them, sends your face to the servers of some big data mining corporation such as Google, usually with geolocalization data and the timestamp.

Last but not least, it’s super cheap

Not only is it as good as DNA and fingerprints, it’s also cheaper than the former and about as cheap as the latter:
– cost of a photo: ~0.
– cost of facial recognition software and facial database: similar to DNA recognition and database, I suppose, but it’s a one-time or fixed cost.
The cost to use that is then about the same if you want to identify one face or a few thousands of them. Not really the case with DNA, with which each sample requires some reagents to be analyzed (even though those tend to quickly get cheaper)

Conclusion

Don’t give your face to people and entities you wouldn’t give a DNA sample and fingerprints to.
(yes, that’s quite abrupt, but I guess that’s a nice summary)

Updates

2014-07-09

Quite an interesting read: Fashion that will hide you from face-recognition technology by Lauren Davis.

Posted in privacy.


How to (efficiently) multiply all rows of a matrix by a vector in R

If you’re reading this, you most likely know that using for() loops isn’t an efficient way to do a high amount of computations in R. Vectorizing the code is a must if you want to get the best possible performances.

So, to multiply all rows of a matrix by a vector, we’ll first look at how to multiply all columns by a vector. Straight to the code:
A=matrix(1,3,3);
b=c(1,2,3);
A*b;

That’s right, the ‘*’ operator just does that when used on a matrix and a vector. So a first obvious solution is to transpose the matrix, do the multiplication, and then transpose it back:
A=matrix(1,3,3);
b=c(1,2,3);
t(t(A)*b);

And that’s it already.

Still, you may be interested to know that R also features the sweep() function, which can also be used to do that, and more. It’s not needed in this case, but maybe for more complex situation you’ll find it handy. The code would be:
A=matrix(1,3,3);
b=c(1,2,3);
sweep(A,2,b,'*');

The first argument is the matrix, the second is the margin (2 to multiply all rows by the vector, as here, and 1 to multiply all columns by it), the third is the vector, and the last is the operator you want to apply. This might work with functions too, like apply(), although I didn’t check that.
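
The approaches above, checked against each other on a non-square matrix, as an added example that is not code from the original post (the matrix, the vector and all variable names are constructed for illustration). It goes slightly beyond the post by adding two equivalent forms and by showing what a bare A*b silently does when you meant to multiply rows:

```r
# Constructed input: a 2x3 matrix so that rows and columns cannot be confused.
A <- matrix(1:6, nrow = 2)   # row 1 is (1, 3, 5), row 2 is (2, 4, 6)
b <- c(10, 100, 1000)        # one multiplier per column of A

# Reference result from an explicit (slow) loop over the rows.
expected <- A
for (i in seq_len(nrow(A))) {
  expected[i, ] <- A[i, ] * b
}

# The two vectorized forms from the post.
by_transpose <- t(t(A) * b)
by_sweep     <- sweep(A, 2, b, `*`)

# Two further equivalent forms (not in the post).
by_diag <- A %*% diag(b)                 # right-multiply by a diagonal matrix
by_rep  <- A * rep(b, each = nrow(A))    # expand b to match column-major order

stopifnot(
  isTRUE(all.equal(by_transpose, expected)),
  isTRUE(all.equal(by_sweep, expected)),
  isTRUE(all.equal(by_diag, expected)),
  isTRUE(all.equal(by_rep, expected))
)

# Pitfall: A * b recycles b down the columns. Because length(A) is a multiple
# of length(b), R gives no warning, yet the result is not the row-wise product.
naive <- A * b
stopifnot(!isTRUE(all.equal(naive, expected)))

# sweep() checks the margin by default: using margin 1 with a vector whose
# length does not match nrow(A) raises a warning instead of passing silently.
warned <- tryCatch(
  {
    sweep(A, 1, b, `*`)
    FALSE
  },
  warning = function(w) TRUE
)
stopifnot(warned)

print(expected)
print(naive)
```
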

Posted in programming, R (R-project).


Five reasons why it’s great to be single on Valentine’s Day

Ever felt like that today?

Today is Friday, not Valentine's day

Well, you shouldn’t, and here are five reasons why Valentine’s Day is actually brilliant for singles.

Fewer commuters in the bus…

…at your usual commuting evening hours, because the other bus parasites leave early to meet their mates. Get your very own bus on this day only!*

*should work with the subway, too, except that you won’t get the whole train.

Fewer people at the gym

Ever been attacked during a BodyAttack? Well, this definitely won’t happen today, as most of your fellow gymers will be stuck with their significantly non-gymer other. Claim your very own 10 square meters of gymfloor today!

Save time

No need to spend an evening at a boring restaurant or some other place. Also works with the days before: no need to pick a gift, no need to buy flowers, etc.

Save money

On said gift and/or flowers (at the only time of the year where they’re somehow worth more per ounce than gold), restaurant, and whatever. Seriously, you’ll save an average of $135: you just got richer!
On a side note, don’t forget that demonstration about money and problems and stuff.

Last but not least…

…don’t be a sheep. And maybe meet another great non-sheeple (at the gym) 😉

You had me at fuck the system

PS: a big thanks to “Kitkachu” for sending me the main contents of this 🙂 Even though that was totally off-topic I’m always glad to post fun contents if you guys feel like sharing some

Posted in funnies, Totally pointless.


Cheap trick to justify your blog posts’ text in WordPress

I tend to prefer justified text to ugly irregular line ends, but WordPress themes tend to prefer the latter. Never mind, it’s actually quite trivial to fix, if you don’t mind quick’n dirty solutions.

First, note that I’m using the Carrington Blog theme. Most likely, other themes will be modifiable in a similar way. Basically, all posts are contained within a div of class “entry-content”. So all you have to do is go to the theme editor (Appearance → Editor), find the appropriate css file (for Carrington, it’s css.php, for other themes it will most likely be different but if you just search for any file with “css” in it, you should quickly find the right one), and at the end, add:
.entry-content {text-align:justify;}

Then save, and go to your blog (you’ll probably need to purge your browser cache and refresh, aka CTRL+F5 in Firefox) to see the result 🙂

Posted in WordPress.


Flash player 12.x to 31.0.0.108 for portable browsers (32 and 64 bits)

Note (2018-09-14): due to lack of time (and interest, and how is Flash still alive anyway?), today’s upload of version 31.0.0.108 will be the last version I repackage. Thanks for hanging around all this time 🙂 (and good luck with the few rare sites that still somehow near the end of 2018 require you to use Flash)

Skip to the download links if you’re too lazy to read or if you already know what you’re doing

Latest version for download here: 31.0.0.108 for Firefox and Chrome. Mirrors are available in article and/or in the latest comments. If this is out of date, don’t hesitate to bump me in comments, I don’t check for updates quite regularly.

Note (2018-07-18): as far as I know, the instructions are now totally outdated and basically the only relevant part of this post is the download links. I’m not using Flash anymore, be it portable or not, so I don’t know what the up-to-date setup voodoo is (on a side note, thanks very much to browsers for always changing that shit). But you’ll probably find interesting pointers among the most recent comments.

Finally, about 2 years and a half after Flash 11, Adobe recently released Flash 12, and quite quickly later, Flash 13 to 16. I don’t think there’s anything major in this release, the previous version was 11.9.x and I guess they preferred 12.0.x rather than getting into 11.10.x and such. I have no idea about the changelog, although from previous experience on the 11.x branch, it’s probably mainly security and bug fixes. The Linux version was discontinued at version 11.2 (although they still update this one with security fixes, current version being 11.2.202.336, which you can grab there), so probably even Adobe see Flash’s end coming. Which will be a sad day for me too, because quite a few people land here thanks to it 😉 although much fewer lately because it seems Google hates me since last summer 🙁 (I guess I can say it now that the traffic coming from them shredded to the point it became almost negligible, so even if they bury me even more I shouldn’t feel much difference – for instance, yesterday’s traffic: Bing + Duckduckgo brought me half the traffic Google brought)

Anyway, the usual mentions:

1) If you’re planning to use this with Tor, you should also plan to say goodbye to IP anonymity (which I believe is the main reason for using Tor): Flash will connect without much regard for your Tor Browser proxy settings so it can leak your IP to someone willing to get it. Well, maybe there’s a way to make it safer, but seriously using browser plugins such as Java and Flash while trying to be anonymous is like trying to win a race while starting late on purpose.

2) To “install” it into your portable browser, grab the correct files (either 32 or 64 bits) and put it in the plugin folder (which you may need to create yourself), which is:

  • Firefox Portable: Data/plugins + set plugins.load_appdir_plugins to true in about:config
  • Opera USB:
    • new version (Chromium based): [Opera install dir]\[Version number]\plugins\ (thanks Marcelo.ar and Kooky Tommy in the comments)
    • old version (12x): program/plugins
  • Iron or Chrome Portable: Iron/plugins

NB: as of today (2016-01-23), those instructions are probably quite outdated. I haven’t actually used portable Flash in years, you may want to browse the comments to find up-to-date instructions.
I’m pretty sure Flashplayer.xpt is useless, but I include it because it’s tiny and some people do look for it.
Also, I haven’t actually used any portable browser in a loooong while, so if those instructions are outdated, don’t hesitate to let me know (let’s beat the record number of comments set around Flash player 11 ;)).
Edit: okay this section is totally outdated for Chrome-based browsers now…

3) Last but not least, this is not a magic portable Flash, this is just a repack of the original Flash stuff to make it easier to “install” manually on a device where you don’t have admin rights. So, Flash will, as usual, store the infamous LSO (Local Shared Objects) “cookies” in a system location (in %APPDATA%\Macromedia\Flash Player), and you’ll want to delete the stuff in there at the end of your session if you’re also concerned about not leaving tracks and not just about running Flash stuff.

Ok, now I shut up and here is the zip containing NPSWF32_31_0_0_108.dll, FlashPlayerPlugin_31_0_0_108.exe, NPSWF64_31_0_0_108.dll and flashplayer.xpt (the first 2 are the 32 bits version, the third is the 64 bits, and the last is here for, hm, decoration ^^) and now there is also, in the same package, the new Pepper Flash Player files for Chrome-based browsers (those “pepflashplayer” dlls). They are hosted primarily on Megabitload and Uploaded.to, which should keep a back up “indefinitely”, and on my server, where only the latest version is guaranteed to be maintained (the previous ones can usually be obtained with a trivial URL manipulation, but whenever I change hosting I drop the older versions, so no guarantee that this will always work). I will also try to upload them to demo2.ovh.net, because some people have reported issues (well, company filtering issues) connecting to the other 2 places, but they delete files after 30 days there, so obviously this will only be suitable for grabbing the latest release while it’s hot.

For developers, here is also the debug version 22.0.0.192 (yes, I don’t upload this one quite regularly because I guess not many people need it – if you do need a more recent debug version let me know).

Last but not least, courtesy from Kooky Tommy in the comments, some Flash ESR packages are available there via Dropbox

Older 20+ versions

Older 19.x versions

Older 18.x versions

Older 17.x versions

Older 16.x versions

Older 15.x versions

Older 14.x versions

Older 13.x versions

Older 12.x versions

Even older versions (<12)

Cf previous post, Flash player 11.9.900.170 for portable browsers (32 and 64 bits)

Original installers

Links to latest versions:
Firefox/Cyberfox and other NPAPI: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
Chrome/Iron/Opera and other Pepper: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Posted in Flash, portable software.


PyCrypto binaries and how to compile (on Windows)

PyCrypto is a library for Python 2.x/3.x which provides many cryptographic functions such as AES, etc. However, due to export restrictions they don’t provide binaries, and they seem to be quite a pain to compile.

If you’re wondering how to compile it, I found this guide which seems detailed enough: http://yorickdowne.wordpress.com/2010/12/22/compiling-pycrypto-on-win7-64/.

On the above-mentioned page, they also provide an old build (version 2.3.1). If you need a more recent version, this page http://www.voidspace.org.uk/python/modules.shtml#pycrypto has binaries of PyCrypto 2.6 (but also 2.3 and even 2.1), compiled for specific versions of Python (2.6, 2.7, 3.2 and 3.3 for PyCrypto 2.6, 2.4 to 2.7 for PyCrypto 2.1 and 2.3).

Just in case, I mirrored 2 of those here:
pycrypto-2.3.1.win7x64-py2.7×64.7z (PyCrypto 2.3.1 for Python 2.7 from the tutorial)
pycrypto-2.6.win-amd64-py3.3.exe (PyCrypto 2.6 for Python 3.6 64 bits from the second link with many different builds)
Note that I only tested pycrypto-2.3.1.win7x64-py2.7×64.7z, but the others were mentioned in a cryptography class so probably quite a few people used them successfully 😉

Posted in cryptography, programming.


Great places worth seeing (at least by proxy ;))

I’m not much of a real-life traveler, still I like discovering places via articles about them: you get to see the thing, plus usually the story about it, all from the comfort of your home, without the loooong trip, travel expenses, risks, etc. And I thought I’d make a little list of such places.

The door to hell

The Door to Hell, a burning natural gas field in Derweze, Turkmenistan
(source, © Tormod Sandtorv under a CC-BY-SA license)
Located somewhere in Turkmenistan, this is a natural gas field which was set on fire in 1971 and has been burning since then. Originally, soviet scientists were setting up a drilling camp when the ground collapsed, leaving a large (~70m diameter) crater releasing methane. They set it on fire in order to prevent further emissions, which could be a health hazard to neighboring villages, and because they expected the gas to burn out within a few days… but obviously there was much more than planned 😉
More on Wikipedia

The Mir mine

The Mir mine, an open pit diamond mine in Siberia
https://en.wikipedia.org/wiki/Mir_mine

Posted in published drafts.


A couple (non-free) alternative email hosting providers

I recently decided that I was tired of Gmail catching so many false positives into their spam folders (effectively breaking the forward-only old accounts I still have there for people who can’t be bothered to update their contact list) and of Hotmail silently discarding an apparently increasing amount of legitimate e-mails. Not to mention Yahoo’s crazy outgoing filters. The reason I stuck with those (well, mostly Hotmail aka now Outlook) was because of the large amount of storage at a hard to beat price, with also quite decent – yet perfectible – interfaces.

But time passes, storage gets cheaper, web technologies get better, and, well, I thought maybe paid offers got decent now. So I went searching for some. With just one criterion: I didn’t want it to be under French or US jurisdiction. I found this nice, few months old discussion from someone with a similar query, and ended up trying 2 solutions:

1) runbox.com: they’re based in Norway and care at least a bit about privacy issues. They offer a 14-days trial. Unfortunately, I quickly realized that their webmail interface is seriously outdated, plus they didn’t provide advanced forwarding features and DNS options that I was hoping for. Storage is quite expensive, too, with not really decreasing prices ($34.95/year for 5GB, $49.95/year for 10GB, $79.95/year for 15GB).

2) fastmail.fm: the company is based in Australia, but the servers are mostly in US… yet they said they only respond to legal requests filed in Australia. I guess that will be good enough, that’s better than Gmail/Hotmail/Yahoo anyway, plus I encrypt important e-mails anyway. The name sounded familiar, and indeed after looking at their Wikipedia page I read they were owned by Opera from 2010 to 2013, which is probably how I heard about them (I tried Opera Mail a while back).
Their webmail is really quite smooth, much more than Hotmail (which has been very slow and a bit buggy for me since the migration to Outlook), with the only drawback that it wastes a lot of horizontal space. Storage is decent for the larger offers (1GB for 20$/year, but 15GB for 40$/year or 60GB for 120$/year), and on the top of that they seem to provide a huge amount of advanced features: they can handle your domains’ DNS (NB: up to 50 domain names), or you can just point your domain MX records to them, then you can create aliases (up to 500 aliases) and forward them externally (just like I do at the moment with my own server, except that I probably don’t do it optimally and often end up in a spam folder), etc. Really, a lot of options, on condition that you take at least the 15GB offer (the smaller ones have more limited features, notably no custom domain name). They say you can easily upgrade AND downgrade whenever you want, too. And finally, this comes with a 60 days trial so you can look around and see if all goes well for you without the precipitation of a shorter, 1 or 2 week long trial. I’m only on my first day, so there’s probably some more cool stuff that I haven’t found yet 😉

On a side note, Rackspace provide a 15GB mailbox with unlimited archiving for 2$(mailbox) + 3$(archiving) per month, but they require a minimum amount of 5 mailboxes, so 25$/month. Plus of course they are US.

Posted in Uncategorized.


Where to find VLC nightly APKs for android

VLC for Android is not completely ready yet, and the release schedule of betas can seem a bit slow if the latest one suffers from a bug that annoys you. Plus you can only download them from Google Play (which means you need to connect there from your phone, using the Google Play app, with a Google account, unless you want to resort to cool but time-consuming workarounds like APK downloader). So in the end, I decided to switch to nightlies, which, like betas, are usually stable enough, even though you may have to try a few before finding a good one.

I’ve often had issues finding the proper download links, so here you go:
– VLC download server with all latest nightlies: http://nightlies.videolan.org/build/android-armv7/ (NB: you can browse around for other OSes, like Windows) In case nightlies got broken and you don’t want to spend time trying many, today’s nightly (VLC-debug-20140115-0113.apk) seems to work just fine.
– Bonus, the Git repository of the VLC port for Android: http://git.videolan.org/?p=vlc-ports/android.git;a=summary

Posted in Cyanogenmod, multimedia, VLC.