AltSci Blog

Please check out the reverse-engineering tag.

JD-GUI is the best decompiler. It's easy to use and works well.

JAD Java Decompiler is no longer under development.

Jan 23, 2012

Some things require no explanation. Some things do. Today isn't the day for a cryptic blog post, so I'll get right to it. AltSci's SSH shell service is unavailable to most users due to an unpatched Local Root Vulnerability in the Linux Kernel. I tested it on my machine at home and it works. That will teach me to upgrade my kernel regularly. =[ The explanation of the vulnerability is incredibly good and the timing could not be much better. If you have a shell that has a new kernel, you should know about this.

I've been working diligently on a SIP softphone, BikeIM. The simplest explanation is that it is a competitor to Skype. Skype has several features that version 1.0 of BikeIM will not: a GUI, video support, a directory, SkypeIn, and SkypeOut. So without all these killer features, how do I expect to compete? Linphone, Ekiga, and Jitsi are Open Source competitors to Skype that have most or all of the features that Skype does. Many people use these tools in place of Skype. My reason for writing my own is to be able to trust the code. Instead of writing my own softphone, I could pen test or code review one or all the open source softphones, but when I found bugs, I would go through the process of writing it up, getting the developers to patch, and getting people to upgrade. That process is not as difficult as writing software, but the end result is a handful of CVEs at best. The reward for reviewing and testing open source software is good software for everyone. The reward for writing good open source software is good software for everyone. When I started writing code in July 2011, I evaluated Linphone, Pidgin, and Ekiga. Linphone and Pidgin didn't work for me, and Ekiga had issues that I could not accept (despite working quite well). It's possible that Linphone has improved, but I do not think that Pidgin or Ekiga have changed. VoIP is a strange example of Open Source innovation: multiple well-designed systems all using open protocols but with reliability that is suspect in my opinion. Asterisk is a perfect example of how an Open Source project can grow too quickly for its own good. Asterisk has had so many vulnerabilities in the past 6 years that they have become famous for their flaws. The problem with Asterisk is that the code base is increasing in size by implementing unnecessary features without proper code review and testing. This is a recipe for disaster and the size of their project should daunt even their most staunch supporters. But Open Source is not alone, closed source VoIP software works, but all have serious reliability issues. If you've ever had the stuttering effect on Skype, you know what I mean. Not only will BikeIM be reliable and Open Source, it will grow as times goes on. I plan to use it in place of a home phone and will leave it on all my systems. Version 2.0 should have a GUI for those who prefer. I hope that my work will inspire Open Source VoIP projects to increase their testing to ensure reliability and quality. Even if they can't afford professional security experts, they can appeal for help. Since my project will also be Open Source, they will have the choice of copying any improvements I make and visa-versa. That's just how we roll.

It's been a month since I went to Brasil. I am planning on going back, learning as quickly as I can. It's likely that I won't be able to make it back until next winter, but I will plan on it. I need to stay in touch with the friends I made over there. There are many conferences that I can attend to make my stay work-related, but the plane ticket is my main expense. I'm planning on keeping my Brasilian telephone number and giving it to my friends so that they can call me for cheap or free. Of course they can call me on Skype for free as well. We're lucky that we live in such a well-connected society, it's just up to us to stay in touch.

A video I watched today said that Vila Prudente is a favela. I actually visited that neighborhood while I was there and didn't think it was a favela. If that is the definition of a favela, then my eyes deceive me. Certainly the neighborhood may be much poorer than some of the neighborhoods I visited, but it looks quite beautiful (see the street view if you want to know what I mean). Maybe that is the definition of the favela, poverty in a beautiful place. It didn't connect with me that there would be any crime in that neighborhood. The video is about how the residents are getting people involved with documentary films.

What's new with me? Well, since I'm back in Seattle, I may start up yet another blog at blog.altsci.com (not started yet) which will keep a little more info on my day to day and will collect all the other blogs. One problem I have is that I have too many blogs. In one way it's good to separate topics but on the other hand most people who visit my blog are looking for me rather than my topic. I would love to attract more people interested in my subject matter but maybe I should post more subject matter. I can do that.

I finally made it back to Seattle, so I wanted to write a short overview of things from the perspective of being back in Seattle. São Paulo is so very different from Seattle. In Seattle, there are no huge walls or fences around the houses. There are no doormen to the apartments. Most of our parks don't have fences around them. Our protesters are still encamped at Seattle Central Community College for the time being (their protesters are encamped at Praça Ciclista near Paulista and Anhangabaú. The weather in Seattle is cold, but not too cold. The weather in São Paulo is awesome, sunny with a bit of overcast and clouds from time to time. The people in Seattle are friendlier than I remember (another greeter I found was a homeless man selling Real Change newspapers, Daniel). Seattle has fewer Cathedrals and in less promenant placement. Seattle's Airport to Downtown light rail is much cheaper and convenient than the bus or taxi to Guarulhos. Seattle's major university is further away from downtown and requires a bus, but São Paulo's major university requires a metro and a bus. Seattle and São Paulo both have wonderful forests a few hours away. São Paulo's forests are slightly more accessible because you can walk 2 hours from the bus to the forest. São Paulo has more food vendors and many more vitiminas than Seattle. Seattle's buildings don't require any identification to enter the elevator. São Paulo's museums are cheaper and there are more public places. There are long streets in Seattle on a grid with numbering in useful patterns. There is no place in Seattle where I feel unsafe. I never felt unsafe in São Paulo but I am a pretty strange guy. I don't know about other people. Homeless people who sleep on the sidewalk in São Paulo are not harassed as much as in Seattle. There are the same number of panhandlers in São Paulo as Seattle. There are the same number of expensive cars in São Paulo as Seattle. There are many many more small cars and motorcycles in São Paulo. The method of crossing the street in São Paulo is completely different than Seattle (in Seattle, pedestrians have the right of way always while that is totally not true in São Paulo). There are many places in São Paulo where cars don't go because people fill the street. There are feiras (farmer's markets) many days of the week in São Paulo but only a few days in Seattle and never in the street. Cars in São Paulo will often run red lights at night not respecting the lives of pedestrians. Cars and motorcycles with sirens in São Paulo will break the law of the road and no one will flinch. Women in São Paulo dress very scantily. The metro of São Paulo changes the dynamic of the city so that people go out more. Wireless networks are strange in São Paulo. There may be something about the networks I was using, but they were flakey except for the Netgear. Electricity in São Paulo is half 110V (good for US devices) and half 220V (very bad for US devices, good for European devices). Not all are labeled, but smart people label them. The outlets are very often 2 prong, so bringing a 3 prong to 2 prong will save you days. A splitter wouln't hurt either. On my last days in São Paulo, they added a bunch of Natal decorations. This is similar to Seattle, but their decorations are a bit bigger. Graffiti in São Paulo is more common and much higher quality. There's an alien language used in many of the worse graffiti which piques my interest. Of course, it could be a simple substitution cipher which I would very much like to crack.

So giving this long list of differences, there must be a clear winner. And there is. São Paulo wins the city contest. Between Zurich (I stayed for 2 weeks of work), Berlin (3 weeks in the dead of winter), Tokyo (1 month in spring), Seattle (10 years), Spokane (19 years), San Diego (15 days over 10 years), Las Vegas (20 days over 7 years), and Kopenhaven (aka Copenhagen 2 nights), I pick São Paulo as the winner of all cities I have visited. I no longer seek the best city in the world, I have found it. I love Tokyo and I'll visit it and Berlin again, but São Paulo beats them hands down. Instead of promising to return when my tour of the world is finished, I will simply visit it as soon as I have time and things in order. My intention to visit Africa and Australia (the last two continents I have not visited) will have to wait until I have twice as much free time and money or a coincidental reason to visit them.

On my return trip I met a man briefly who visits São Paulo every year for Formula 1 races. He's a big fan and he remarked that people in Brasil are huge sport fans and that they are passionate and are open with their feelings. They sing and stand up all throughout the races. This is the Brasil I know and love. Even though I don't like sports as much as they do, I understand why they like their sports. So long as their feelings show I will say that's the Brasil I know. Also interesting he said that he also has traveled many places and that the Brazilian enthusiasm is not so in other places in the world.