Berlekamp & GO posted April 2014

I knew that my principal cryptography professor Gilles Zémor was a GO player.

Which is pretty amazing in itself :)

But this keeps going on.

I have an algebra class this semester, and I'm trying to understand Berlekamp's algorithm. Trying to find videos on youtube about him I discover that he is as well a go player! And doing researches about the game at that! So cool :D

Ruby, Go, Rust posted April 2014

I've been planning to code my next web project with Ruby on Rails.

But two languages have also been catching my attention. Go and Rust.

And today, I ran into two wonderful websites:

• Go by Example

• Rust by Example

Those websites are so pretty that it just makes me want to read them! Great complement to learnXinYminutes.

Now I just have to find a project to code with these languages =)

Using Google, Facebook (and others?) to DDoS any websites posted April 2014

chr13 has posted a nice finding on how to DDoS a website thanks to services like facebook and google.

It's actually pretty simple!

You just create notes with img tags, facebook will crawl the website to cache the picture.

In his example he writes a thousand img tags per notes, opens all the notes from several browsers.

<img src=http://targetname/file?r=1></img>
<img src=http://targetname/file?r=2></img>
..
<img src=http://targetname/file?r=1000></img>

Thousands of get request are sent to a single server in a couple of seconds. Total number of facebook servers accessing in parallel is 100+.

The funny thought of facebook DDoSing itself crossed my mind. Interestingly someone else's also and chr13 answered that he hadn't tried:

It’s against the bug bounty rules to do this, hence one has to be careful here. I was only using browsers at first just because of that.

NAT Masquerade in one picture posted April 2014

I wanted a recall on how masquerade worked in NAT, and I wanted a fast recall.

What's better than a picture? Nothing of course :D

source

Slides with LaTeX posted April 2014

If you read this blog, you know that recently I gave a talk on bitcoins.

I also gave a talk on whitebox cryptography last week.

One part of giving a talk that a lot of people tend to overlook is making good slides. I've always used Powerpoint for that, but for my last talk on whitebox cryptography I had two other persons on my team. Powerpoint was not an option if we were all working on the same file. LaTeX is the solution.

It's a real text file so you can use a revision control system like git, it's constant in its layout. You configure it at the beginning of the file and then you don't have to worry about it later.

We also had a fight (we were tired) on what theme to used. I went for no theme at all. Because everything else is visual noise.

Here's a great article from Zach Holman on the subject. If you ask me, and I'm not saying my slides are perfect, there are way too many crappy slides out there!

SSTIC 2014 posted April 2014

Symposium sur la sécurité des technologies de l'information et des communications is a 2 day con about security. Entrance is 260€ or 60€ if you're a student, still quite expensive, there seems to be a way of getting a free pass: analyzing a usb trace and extracting a mail from it.

Here's the trace.

translation:

Hello,
here's a usb trace I got from plugging my brand new android to my personnal air-gapped computer.
I'm suspecting that a malware is on my phone. Could you check?

So where do I start...

Lundum Dare about to start posted April 2014

The Lundum Dare is starting in a bit less than 10 hours.

Ludum Dare is an Online Game Jam event where people from around the world create a game in a weekend.

You have 48 hours to produce something good! In what language? I used to watch notch do it in java, but apparently you can do it in whatever language you like.

To reach more participants, web entries are best (Flash, Unity, Flixel, Flashpunk, HTML, etc). They’re quick to start playing, and cross platform.

I need to get into Unity a lot more to get into that kind of contest. Every year I'm telling myself "next year I'll do the lundum dare"....

Nodster day 3 posted April 2014

I can't stop coding this thing. What I've done today:

• This is the query I'm using in google now : [your search] mp3 -facebook -youtube -soundcloud -last.fm -amazon -dailymotion -bleep
• I'm now parsing google and the following links with jQuery: $(body).find('a') and then looking for good links with a regex. This is so much more quicker!
• There is still a part that is taking some time though, it's the metadata fetching. I still have to get every mp3 independently and download enough bits to learn its metadatas...

But it is working quite well as it is!

EDIT: I'm now fetching the metadata in parallel and it's super fast! I've also fixed a ton.