OHM2013 – hackers are camping

The evocative video made by the conference organizer tried to convince the audience that hacker campgrounds are a Dutch tradition – just like tulips, windmills, Gouda cheese and wooden shoes. Since 1989, hackers have gathered every four years at a traditional Dutch-style campsite. Imagine a large music festival, substitute tech lectures for the concerts and replace the variety of food stalls with the tents of various hackerspaces, makerspaces and projects. At night, the camp turns into a twinkling city in which hackers want to prove that the image of the hacker as an intellectual loner is pure cliché.

Our group starts arriving in Amsterdam a few days early, a few people at a time. We all want to see the other Dutch traditions – visit the Red Light District, have a beer at the windmill and go cycling. Many of us opt for a bicycle trip from the nearest station to the campground. We are welcomed by typical Dutch weather and arrive completely wet, but happy. While we are trying to dry off at the Progressbar, Laila, the chief decorator of our camp tent, is already sticking posters to the wall. Others put up tents – inside the main tent, which is the headquarters of the Czech-Slovak village. Geography is maintained, at least relatively, because a short walk from our village is the HQ and campsite of Metalab, Vienna. Their typical telephone booth is connected to the OHM2013 phone network. Brmlab from Prague is a bit further but still close.

The unofficial, but apparently the main, theme of OHM2013 is the asymmetry between the human desire for privacy and large organizations – headed by the NSA and the largest social networks and portals – who have other plans for the “private” data. The proclaimed objective of the NSA is to protect the public against terrorist attacks, although the facts tell a significantly different story. According to the latest information, personal communication caught by the NSA is distributed to the DEA for minor drug investigations as well. The aim of “technology” giants like Google, Facebook and Yahoo is to serve their customers – the advertisers. In this way, they can raise prices and allow better ad targeting. People are starting to realize that for these companies, we are not the customers, but the product. Julian Assange spoke about this from his “asylum” in the Ecuadorian Embassy in London via Skype. Jérémie Zimmermann, founder of La Quadrature du Net, a European organization that fights for users’ right to privacy, said, “Julian, I really wish that you could be here with us. It’s beautiful here, there are lots of blinking lights at night. We miss you.” The atmosphere was nostalgic; just four years ago he gave one of the major speeches on his project Wikileaks at this same event. Julian Assange did not say much, but we did learn one new thing – according to him, the states are not forcing companies to send data to their secret organizations and companies are fighting, but ultimately giving up. Technology giants and the NSA are in the same bed. As an example, he mentioned a visit from Eric Schmidt of Google, who came with several representatives of state power.

The so-called “Spook Panel”, which consisted of former agents and contractors of the NSA, CIA, MI5 and the American Department of Justice, explained to us how the surveillance system works. There is a great deal of information exchange between the agencies. Since the NSA cannot officially eavesdrop on Americans, they simply outsource this part of their activities to their partners, who in exchange receive information captured by the U.S. probes. An analyst at the agency sees the target’s e-mails, conversations on social networks, browsing history, metadata about phone calls (date, time of call and dialed number), SWIFT transfers and card transactions. Whenever analysts try to get the information, they must provide a written justification; however, although it is archived, nobody reads it.

In addition to political issues, there were also purely technical ones. Philippe Langlois opened a topic popular among hackers – hacking telecommunications infrastructure. The telecommunications market is known for its closed nature and overcomplicated solutions and protocols. It is a popular target for hackers because closed, complex systems usually contain a lot of vulnerabilities. Philippe’s lecture was about the Home Location Register of cellphone operators. The HLR is a central database of users and information about them. Each access to the network by a user, whether at home or from a roaming network, is verified by this system. It contains the most sensitive data the operator knows about its users. And it’s almost always a huge, complex system covered with various old components. It is no wonder that finding security holes is not that difficult. But no one would forget to protect such systems with a firewall, and certainly no one would ever put them out on the Internet, to be reachable by anyone, right? Not really – several mobile operators with millions of active users have put the most important system they own out on the Internet.

Karsten Nohl continued his series of mobile technology hacks and this time he focused on the SIM card. He found a vulnerability in the firmware signing of several SIM cards, which allows complete remote cloning, locating the user or calling an attacker-chosen phone number at any time. Effectively, an attacker can this way turn a phone with such a SIM card into a surveillance bug, which intercepts not only what you say, but also where you are. Some mobile operators stated that their SIM cards are not vulnerable – at least our SIM cards were OK. But you should be aware that mobile phone operators change their SIM card technology, and while the newest cards may not be vulnerable, when was the last time you actually changed your SIM card?

Like at other hacker camps, what is happening outside of the official program is usually much more fun and interesting. Workshops, technology demonstrations and dance floors gave us perhaps more than the lectures alone. The opportunity to meet interesting people from different fields of science, technology and art is almost priceless. And the biggest surprise? A flying ostrich. Do you say that ostriches do not fly? That is true, but not at hacker camps, where they replace their insides with an engine and add a few rotors on top. And voilà, the ostrich can fly. I saw it with my own eyes.

Stuck Bitcoin transaction and play with double-spend

A few days ago I was sending my friend a payment of 1.2 BTC. My account had only slightly more than this amount available, not even enough for the recommended transaction fee. Instead of borrowing or waiting for a miner to generate more, I decided I would push a transaction with a much smaller fee to the network and hope it gets confirmed in under a day. It did not happen. According to the Bitcoin wiki, a transaction needs to pay the recommended fee unless all outputs are more than 0.1 BTC and a few other conditions are met. I did not meet this condition, because I had one 1.2 BTC output and one change output which was smaller than the transaction fee. It was stuck there for more than a day; my mining pool paid me, so I decided to just cancel this transaction and create a new one with a proper fee. Easier said than done :).

I use Electrum as a client – it is much better than the stock Bitcoin client and there’s a nice console. I was able to extract the transaction and try to modify it to include the fee. The interface is not so nice, or at least I am too lame. I got the transaction as a JSON structure from the Wallet object by transaction hash. I was not able to easily create a different transaction without manually finding the keys to sign with.

mktx does not work, because I don’t have enough unspent outputs (same as paying from the GUI).

createrawtransaction is something I managed to do, but then for signing, I would need a list of private keys, addresses and scripts. My transaction had more than 10 inputs and I was too lazy to find which keys belonged to the other addresses (and if it’s possible to do it programmatically, there should be a function to do it – I guess that’s what mktx does internally too). I guess it should work with fewer parameters according to the documentation, but the console call insisted I fill in all the parameters.

I found out a very lame and easy solution. I thought if Electrum does not see the old transaction, it can spend the inputs again. So I changed wallet.py. There’s a function called update_tx_outputs that takes a tx_hash and updates a list of spent outputs. I modified it like this:

    def update_tx_outputs(self, tx_hash):
        if tx_hash == '00455149b368344f4087596c97dccf9dc185ed275a58187a63f72399618f815d':
            return
        tx = self.transactions.get(tx_hash)
        ...

So if my transaction (the hash is from another stuck transaction I found online) is found, it’s skipped, so Electrum thinks the outputs are not spent.

I thought I would just pay, but the transaction got refused by the Electrum server, because it thought it was a double spend (which was correct). So I used mktx and used Coinb.in’s wonderful Raw Transaction utilities to broadcast the hash to the network. It also returned that the transaction is invalid, but it propagated anyway and a miner included it in a block.

I found out that blockchain.info reports on attempts to double spend when I look at a transaction or address and recommends you proceed with caution.

Takeaways: Pay the transaction fee, really. Nodes try to refuse double spends (they cache stuck transactions), but the transaction eventually propagates. Electrum could have a much nicer Python interface for things.
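The first-seen behaviour from the takeaways, as an added example (not Electrum, Bitcoin or blockchain.info code): a toy node cache keyed by outpoint that refuses a second spend of the same inputs and records it as a double-spend alert, the kind of warning a block explorer shows. All names and transaction values are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tx:
    txid: str        # constructed label, not a real transaction hash
    inputs: tuple    # outpoints being spent: ((prev_txid, vout), ...)
    fee: int         # satoshis; carried for reporting only


@dataclass
class FirstSeenPool:
    """Toy model of one node's cache of unconfirmed transactions."""
    spent_by: dict = field(default_factory=dict)   # outpoint -> txid seen first
    confirmed: set = field(default_factory=set)    # outpoints spent in a block
    alerts: list = field(default_factory=list)     # (new_txid, earlier_txid, outpoint)

    def offer(self, tx):
        """Accept tx unless one of its inputs is already claimed; log conflicts."""
        conflicts = []
        for op in tx.inputs:
            if op in self.confirmed:
                conflicts.append((tx.txid, "<confirmed>", op))
            elif self.spent_by.get(op, tx.txid) != tx.txid:
                conflicts.append((tx.txid, self.spent_by[op], op))
        if conflicts:
            self.alerts.extend(conflicts)
            return False
        for op in tx.inputs:
            self.spent_by[op] = tx.txid
        return True

    def confirm(self, tx):
        """A block included tx: evict cached transactions that conflict with it."""
        evicted = {self.spent_by[op] for op in tx.inputs if op in self.spent_by}
        evicted.discard(tx.txid)
        self.spent_by = {op: t for op, t in self.spent_by.items()
                         if t not in evicted and t != tx.txid}
        self.confirmed.update(tx.inputs)
        return sorted(evicted)


def demo():
    # Constructed sample: a low-fee payment and a later respend of its inputs.
    stuck = Tx("stuck-low-fee", (("aa", 0), ("bb", 1)), fee=100)
    respend = Tx("respend", (("aa", 0), ("bb", 1), ("cc", 0)), fee=50_000)
    node_a, node_b = FirstSeenPool(), FirstSeenPool()
    results = {
        "a_accepts_stuck": node_a.offer(stuck),
        "a_accepts_respend": node_a.offer(respend),   # refused: inputs already claimed
        "b_accepts_respend": node_b.offer(respend),   # node_b never cached `stuck`
    }
    results["a_alerts"] = list(node_a.alerts)
    results["a_evicted_on_block"] = node_a.confirm(respend)
    results["a_accepts_stuck_after_block"] = node_a.offer(stuck)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Anyone accepting unconfirmed payments can use the alert list as the signal: two transactions claiming the same outpoint mean only one of them can ever confirm.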

I guess Amir’s sx command-line utility would make my life much easier, but I had no time to upgrade my g++ toolchain and it does not compile on any system I own. Installing Ubuntu or ArchLinux just because I want to play with it takes a lot of time. I tried fixing a few of the main problems of libbitcoin not compiling on OS X, but I had no more time to spend on it. I would love to use sx with OS X or Scientific Linux someday. Playing with Electrum and its internals is fun too though.

Spying, liberty, NSA and USA vs. Europe

When I discussed the loss of American liberties with people here in Europe a few years ago, my position was simple – we get the same draconian regulations without any opposition or fanfare here in Europe. Remember export controls of cryptography? We should have been fighting against this barrier because it was primarily against our interests and privacy. The people in the U.S. got the benefits of cryptography anyway (short of some patent issues). They fought the battle anyway – on principle.

Do you remember the Communications Decency Act of 1996? The Americans fought against it. There were blogs and strong opposition.

Do you remember data retention? Massive campaign against it in the U.S., a press release that said that a new law passed here in Slovakia. A press release, no discussion, no opposition. “We are just implementing European regulation”.

I always regarded Americans as liberty-minded and people who speak up when their liberties are about to be taken away from them.

That is, until recently. Information about the massive surveillance programs of the NSA is nothing new. I wrote about Echelon (and ways to protect yourselves) in my book in 2002. Thomas Drake and William Binney are both ex-NSA employees and they both mentioned these programs before. There are several videos of them talking about the program on YouTube. It was easy to mistake all these reports for conspiracy theories and not act upon this information.

With the information released by Edward Snowden, we now positively know that communication on the Internet is surveilled in real time and recorded for an unknown time by the NSA. We know that e-mail, telephone conversations, Facebook chat, Google communication tools, HTTP requests, SWIFT and credit card payments are all included. This huge world-wide privacy breach was revealed. And what happened? Nothing.

I mean it’s great that Mr. Snowden could at least walk out of the Moscow airport and have a life. What should have happened? People out in the streets demanding their privacy back. The state should have apologized to Snowden and to the public for their crimes. Something should have changed.

It seems that the American public does not care anymore. It’s exhausted from the financial crisis, sceptical about the issues around us. The failure of the Occupy movement to bring any real change to the world, the gloom caused by the financial crisis, the reality of doing more of what caused the crash. The wars, the drones, the kill list.

Americans are tired; they no longer care about their freedoms. And that’s too sad. It means the Illuminati can do whatever they want now. And they will use this opportunity.

On darkness: Your fear of death attracts such strange objects

I am widely known for listening to darker genres of music. It makes some people feel I am a complete weirdo (which is true). A few weeks ago I was sitting in a cab with a full album (!) of Aqua playing on a radio. Happy songs of happy days, so unauthentic. It thankfully ended with me putting my headphones on :).

Why do we fear darkness? When walking on a street at night, with no lights on, we don’t fear darkness itself; we fear that something unseen could harm us. The fact? It can happen on a clear day. Thanks to the bystander effect, we are not even much safer during the day.

Getting comfortable with darkness, with things that seem evil and with the unknown is a huge asset in life. Our minds infer causation from correlation. We fear darkness because it may be evil and we fear it because it’s unknown. And then we infer that the unknown is evil, which is incorrect. There’s so much hatred and misunderstanding in this world already.

Happy songs with happy melodies, positive texts and beautiful performers have their place in this world. But there are tracks that are unexpected. Computer-generated noise, glitches and yelling can come at any time. And that prepares us to understand that dark and unexpected is not evil (please show me a person who died of listening to dark music if you disagree). While happy music can increase our mood, from the unexpected, we learn.

Here’s an interview with Coil about the same topic.

My favorite bands that are dark, but nice are Coil, Current 93, The Residents, Orphx and The Kilimanjaro Darkjazz Ensemble.

Raspberry Pi and Block Erupter on Pidora

My AsicMiner Block Erupter USB miners arrived a few days ago thanks to Andreas and people from Bitcoin Austria who processed the order and the chief Bitcoin economist Peter Šurda who drove them to Progressbar. I shipped some of them abroad to friends.

Although I appreciate the work that the guys who created minepeon do, I decided to go with pure Pidora, as I believe using a more generic distribution makes for faster updates and makes it easier to use my Raspberry Pi for things other than just mining. This is debatable, as this is my first and only Raspberry Pi and it has been sitting on my window shelf for almost a year.

Anyway, this is how you get your block erupter running fast and easy under Pidora (and I guess any other Fedora-based distribution if you choose not to use Raspberry Pi):

    # screen is optional, but I like to run cgminer in screen and we will make it autostart in screen
    yum install libusb-devel libcurl libcurl-devel libudev-devel ncurses-libs ncurses-devel git gcc screen autoconf automake libusb1-devel libusbx-devel libusb libusb1 libusbx
    # current version of cgminer from git has working hotplug support for USB miners
    git clone https://github.com/ckolivas/cgminer.git
    cd cgminer
    ./configure --enable-icarus
    make && make install

Run cgminer to create a config; in the menu, save the config file.

If mining is working, create /usr/local/bin/start_miner.sh with this content:

    #!/bin/sh
    screen -dmS miner -- /usr/local/bin/cgminer -c /root/.cgminer/cgminer.conf

Create /etc/systemd/system/cgminer.service with this content:

    [Unit]
    Description=CGMiner Service
    After=network.target
    [Service]
    ExecStart=/usr/local/bin/start_miner.sh
    Type=forking
    [Install]
    WantedBy=multi-user.target

Now make it a service and try it out:

    chmod a+x /usr/local/bin/start_miner.sh
    systemctl daemon-reload
    systemctl start cgminer.service

Now you attach the screen and make sure it’s working:

    screen -x

If all is well, make it run on boot:

    systemctl enable cgminer.service

I really like systemd instead of init.d scripts. I liked SMF from Solaris 10 for booting things up, but since Oracle ditched Solaris out of the window, I switched to Red Hat-based systems. The only thing I do not like about systemd is the aesthetic equivalent of .ini files from ancient DOS times. There has to be a better way to write configuration (no, I am not talking about XML).

Anyway, happy mining and remember – it’s just for fun, you will most probably not get a return on this investment anytime soon (the most optimistic scenario is 8 months, I would say two years if ever).

Are we going to be slaves of algorithms?

The server idnes.cz published an interview with Josef Šlerka, an expert on new media (translation by Google Translate). He warns that we can become slaves to algorithms that we do not understand. This issue has been raised repeatedly in the media. I don’t doubt the fact that algorithms are much more important in our lives than ever before. I do not think that we understand all algorithms – neural networks especially are problematic in this regard because we do not know exactly why the network made a particular decision. We can only tell how well the network performs given the inputs and outputs used during the training phase. Corner cases are sometimes unknown and analytical understanding in extreme situations is quite difficult. Let me, however, explain my slightly different and less pessimistic view on the role of algorithms in our lives.

Mr. Šlerka mentioned an experiment, in which Lukasz Barabasz showed that given location information of people during a longer time period, he is able to predict a person’s location the next day at a given time. He used data collected from cell towers. The problem in this case is not a prediction algorithm – it is quite simple and it performs pretty well (and in this case, we understand it pretty well too). We are just being predictable. If you have something to worry about in this example, it is the possibility to collect data (what Mr. Šlerka also mentions). There is even a scarier algorithm that can identify a particular person by their movement itself (even if it’s recorded with a different device). Our movement is like a fingerprint.

The problem is not the algorithm. The algorithm is like a mathematical equation – when you invent it, it exists. Inventions like this cannot be “undone” – it is not possible to forget or ban it once it’s out. An algorithm is like an idea. If we really care about our privacy, blaming the algorithms will not help. We need to make sure that these algorithms do not have enough inputs to do things we do not want them to do. Is it possible to create anonymized mobile phones, where the operator knows how much to bill us, but does not know our location at any time? I bet it is possible, but is there enough consumer demand?

The quote featured in the headline of the article reads (translation from Czech is mine): “With the advent of technology and applications of artificial intelligence and neural networks, the majority of people lose understanding of what a computer does, and how it makes its decisions. In other words, we become slaves to algorithms we do not understand.”

Let’s talk about two different methods of decision-making – “table-based” decisions and “fuzzy” decisions. Computers have been criticized for being too discrete, for having no smooth decision area. They were not human enough. An example of a “table” decision process is deciding whether an ATM (algorithm) or a bank clerk (person) should let you withdraw money from your account. Both decisions are based on the same table: If the available account balance is greater than or equal to the amount the customer wants to withdraw, the customer gets their money. If it is less, do not allow this withdrawal. The algorithm is the same for human beings and machines and we understand it very well.

How about a loan? A bank clerk can say “This customer looks insincere” or he “was too nervous.” Alternatively, the officer does not trust that the underlying business plan of a company asking for a loan is sound. This is not a table-based decision – the bank representative decides on the basis of their feeling, which can be justified, but surely cannot be explained in exact terms. Another bank clerk could decide differently.

The algorithm for bank loans is (or can be) similar to this line of thinking. We taught the algorithm that people with a certain credit profile do not pay back. The input can be: financial behavior (as learned from the customer’s history in the bank), age, number of children or any other additional information available to the bank. If the algorithm is based on a neural network, it could just say “loan rejected”. No explanation. In most cases, the neural network’s output is a score on some scale (for example 0 to 1), in which case a negative decision is something closer to zero (or less than some predefined threshold). We do not know why exactly the network’s output is a particular score.

A common example used by critics of algorithms is high frequency trading (HFT). HFT algorithms have been used very successfully for several years. A human being simply cannot make decisions about buying and selling a variety of asset classes several times per second. Can they cause a crisis? A common example showing that algorithms can go “crazy” is the book The Making of a Fly by Peter Lawrence, which sold on Amazon marketplace for $1,730,045.91 due to an algorithm that set this price. The problem was that there were two competing algorithms. They go through Amazon marketplace and try to find rare products and offer them at a higher price than other sellers. When someone buys a book from a seller that has a higher price (e.g. due to the higher reputation of the seller), the author of this algorithm orders the book from a dealer with a lower price. When it arrives, they deliver it to the final customer and keep the price difference as profit. It gets interesting when the original item is sold and the only vendors left are the automated trading bots. They start to raise prices to top the best available seller. And depending on the periodicity of checking and harvesting the marketplace, the price starts going up. Neither of the sellers has the goods available. They rely on each other for delivering the nonexistent product. The algorithm tries to make a profit and these corner conditions are not accounted for – so they go “crazy” while seeking profit…

Are we different? During 1636-1637 we witnessed one of the first bubbles. In the Netherlands, tulips had become popular and everyone wanted this beautiful flower (or its bulb, actually). Many people wanted it because of its inherent beauty, but a lot more people perceived the price increase and wanted to buy cheap and sell for more later. The result was a bubble and its collapse. In the winter of 1636-1637, some bulbs changed hands ten times a day. During the peak of the bubble in February 1637, some bulbs sold for more than ten times the annual income of a skilled craftsman. People went crazy for a while. Do algorithms really behave differently from us or are they just getting more similar to us? Isn’t that what worries us?

Shai Danziger of the University of the Negev has done interesting research on the Israeli judicial system. He examined the results of 1112 parole hearings. The judges had an average of 22 years of experience and their decisions accounted for 40% of cases of parole decisions during the investigated 10-month period. The results are quite uncomfortable for justice: Judges were much less likely to decide in favor of parole before their morning snack, before lunch and before the end of working hours. Parole was granted in up to 20% of cases. Immediately after a meal, the chance of a positive decision was 65%. Note that this is no small statistical error, but a significant difference.

Our decisions are controlled by a number of factors we do not understand. Our neural network in the brain makes decisions that we not only don’t understand, but they are not consistent. The level of certain hormones in our body, mood, concentration, and hunger, even the lighting, biases us. These biases are significant and affect lives of people around us (such as judges granting or not granting parole based on when they ate).

If we are asking ourselves whether we are slaves to algorithms we do not understand, I would first ask: Aren’t we slaves to senseless human decisions we do not understand right now? The algorithm decides consistently and if it is flawed, we can at least quickly find out and fix it. Can we fix people this way?

Personally, I would neither overestimate nor underestimate the role and threat of algorithms. They are tools for people. Let’s talk about what data are collected about us. That is what gets abused. Whether it is a person looking at the data or a highly efficient algorithm does not make such a difference. What external organizations (or people, companies, states) have power over our lives? Rather than adding algorithms to what we should “fight against”, I decided to become interested in the necessary condition for their functioning – data collection. Let’s not fear the algorithms. Let’s fight against everything that we can control that limits our freedom. Whether it’s an algorithm, a hungry judge or a greedy state backed by the wrong econometric model…

Experiments with ZRTP and FreeSwitch

ZRTP is a very important project for securing your voice communication. I started playing with Jitsi, Acrobits Softphone and FreeSWITCH.

What I found out after the initial configuration of ZRTP for FreeSwitch is that FreeSwitch attempts to negotiate ZRTP keys and act as a trusted man in the middle. I wanted to avoid that and provide end-to-end encryption. The magic option that allows direct passthrough of ZRTP to the endpoint is enabling:

    <!--Uncomment to set all inbound calls to proxy media mode-->
    <param name="inbound-proxy-media" value="true"/>

in conf/sip_profiles/internal.xml.

Another funny thing I found out is how many bots are out there trying to abuse my softswitch. This happened a few hours after setting up FreeSwitch on a public IP (that was never used as a SIP server before). I ran tcpdump capturing only UDP on 5600:

    [root@softswitch ~]# strings output.pcap |wc -l
    37235
    [root@softswitch ~]# strings output.pcap |grep To: | wc -l
    2833
    [root@softswitch ~]# strings output.pcap |grep To:| uniq | head -n 5
    To: "J" <sip:1001@203.0.113.7>
    To: "J" <sip:1001@203.0.113.7>;tag=U4SvF45vSBeeN
    To: "J" <sip:1001@203.0.113.7>
    To: "J" <sip:1001@203.0.113.7>;tag=vDKNHZp0pm40g
    To: <sip:1001@203.0.113.7>
    [root@softswitch ~]# strings output.pcap |grep To:| uniq | tail -n 5
    To: 700972597727055 <sip:700972597727055@203.0.113.7>;tag=Uy4Dmj5jN0NHB
    To: 700972597727055<sip:700972597727055@203.0.113.7>
    To: 700972597727055 <sip:700972597727055@203.0.113.7>
    To: 700972597727055 <sip:700972597727055@203.0.113.7>;tag=v7X6NDppj9B4p
    To: 001972597727055 <sip:001972597727055@203.0.113.7>;tag=jD1e4yDKFgD9j
    [root@softswitch ~]# strings output.pcap |grep -i nonce| uniq | head -n 10
    Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="9613eafe-5920-11e2-84ca-eb9dba96f036",uri="sip:00972592819732@203.0.113.7",response="264f1ab22fa5dacafc01387032228446",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="96dbcfa6-5920-11e2-84cc-eb9dba96f036",uri="sip:000972592819732@203.0.113.7",response="512df72182d278d705a2160ba15f4a0f",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2010",realm="203.0.113.7",nonce="97630552-5920-11e2-84ce-eb9dba96f036",uri="sip:900972592819732@203.0.113.7",response="a45fc82a1d632a8890f777716b7935f5",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="0b1a9a5a-5926-11e2-84d4-eb9dba96f036",uri="sip:00972592819732@203.0.113.7",response="c5590c623d654384f83ff04da785a197",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="0c7a5b10-5926-11e2-84d6-eb9dba96f036",uri="sip:000972592819732@203.0.113.7",response="f581d146cb370170764fa8f54bd4b360",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2012",realm="203.0.113.7",nonce="0dc65ae6-5926-11e2-84d8-eb9dba96f036",uri="sip:900972592819732@203.0.113.7",response="d522d9a645bd6b3a47a8d5091b73b0f4",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2020",realm="203.0.113.7",nonce="811aaa42-592b-11e2-84de-eb9dba96f036",uri="sip:00972592819732@203.0.113.7",response="407a62e3cc1dcadad13e5e672a8cdb88",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2020",realm="203.0.113.7",nonce="826543b2-592b-11e2-84e2-eb9dba96f036",uri="sip:000972592819732@203.0.113.7",response="f803d9c9687217fc97829bc317933c6e",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="2020",realm="203.0.113.7",nonce="83df2bfe-592b-11e2-84e4-eb9dba96f036",uri="sip:900972592819732@203.0.113.7",response="5e11b2531e86709427c9eea542203cd9",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5
    Proxy-Authorization: Digest username="301",realm="203.0.113.7",nonce="2e81b5a4-592c-11e2-84e9-eb9dba96f036",uri="sip:00972597727055@203.0.113.7",response="156ef65fecbe325882b48b555ec92cd4",cnonce="4b41f53e6f00c05",nc=00000001,qop="auth",algorithm=MD5

For those who are not that familiar with UNIX, this basically means that there are bots (or botnets) out there trying to brute-force your password and call out. That means you need to change your password before running FreeSwitch for the first time.
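The same triage as the strings/grep session above, as an added example (not part of the original post and not FreeSwitch code): it parses Proxy-Authorization Digest lines and reports the two patterns visible in that capture, one cnonce reused across several usernames and one destination number tried with several dial prefixes. The sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare-value pairs inside a Digest header
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')
AUTH = re.compile(r'\s*(?:Proxy-)?Authorization:\s*Digest\s+(.*)$', re.I)
URI_USER = re.compile(r'^sips?:([^@;]+)@')


def parse_digest(line):
    """Return the Digest parameters of one header line, or None if it is not one."""
    m = AUTH.match(line)
    if not m:
        return None
    return {k.lower(): (q if q else b) for k, q, b in PAIR.findall(m.group(1))}


def analyze(lines, min_users=3, min_variants=3, suffix_len=10):
    """Summarise authentication attempts seen in captured SIP header lines."""
    attempts = defaultdict(int)              # username -> number of attempts
    users_by_cnonce = defaultdict(set)       # cnonce -> usernames that sent it
    variants_by_suffix = defaultdict(set)    # last digits -> full dialled numbers
    for line in lines:
        params = parse_digest(line)
        if not params or "username" not in params:
            continue                         # To: lines, truncated headers, etc.
        user = params["username"]
        attempts[user] += 1
        if params.get("cnonce"):
            users_by_cnonce[params["cnonce"]].add(user)
        m = URI_USER.match(params.get("uri", ""))
        if m and m.group(1).isdigit():
            number = m.group(1)
            variants_by_suffix[number[-suffix_len:]].add(number)
    return {
        "attempts": dict(attempts),
        # One client-chosen cnonce shared by many accounts: a single tool guessing.
        "shared_cnonce": {c: sorted(u) for c, u in users_by_cnonce.items()
                          if len(u) >= min_users},
        # Same number behind different prefixes: probing the dialplan for a way out.
        "prefix_probing": {s: sorted(v) for s, v in variants_by_suffix.items()
                           if len(v) >= min_variants},
    }


# Constructed sample in the format of the capture above (not real traffic).
TEMPLATE = ('Proxy-Authorization: Digest username="{u}",realm="203.0.113.7",'
            'nonce="n-{i}",uri="sip:{d}@203.0.113.7",response="r-{i}",'
            'cnonce="{c}",nc=00000001,qop="auth",algorithm=MD5')


def sample_lines():
    lines = ['To: <sip:1001@203.0.113.7>', 'Proxy-Authorization: Digest ']
    i = 0
    for user in ("2010", "2012", "2020"):
        for dest in ("00441632960123", "000441632960123", "900441632960123"):
            lines.append(TEMPLATE.format(u=user, i=i, d=dest, c="aaaa1111bbbb222"))
            i += 1
    # A regular extension-to-extension call with its own cnonce.
    lines.append(TEMPLATE.format(u="1001", i=i, d="1002", c="f00dfeed0001"))
    return lines


if __name__ == "__main__":
    for key, value in analyze(sample_lines()).items():
        print(key, value)
```

On a real capture, pass it the lines that `strings output.pcap | grep -i nonce` prints; usernames that show up under "shared_cnonce" are the accounts whose passwords are being guessed.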

I used a good (although older) tutorial about starting with FreeSwitch.

Moral reform by Ztohoven: An ultimate hack

Almost nobody would guess that the speech of Czech MP David Rath would start a moral reform in the country. Rath was arrested and charged with receiving bribes in May 2012. He had a chance to explain what happened to other MPs, who would then vote on his political immunity. His words were not addressing the fellow MPs. He was looking at the cameras and trying to create a sentiment in the Czech nation. He pointed out other cases of corruption. The moral reform was not coming from his words nor from his heart. It was happening in parallel to his speech. And he was the only one that did not notice.

In contrast to his fellow citizens, Karel Schwarzenberg (minister of foreign affairs) was not moved by Rath’s words. He did what every sane person in that situation would do – he fell asleep. From that place where dreams melt with the reality of TV cameras filming bored politicians, he sent a text message to Karolína Peake (Deputy Prime Minister of the Czech Republic).

Miss Peake was not moved by the heart-breaking speech of Rath either. The cameras caught her black ThinkPad, as she was sitting right behind the speaker, but we could not see its screen. We could read her face though and it kept saying: “I don’t care what’s around, I am doing something more important”. Probably reading e-mail. Or browsing Facebook. She almost forgot that the whole country was watching her. Then she woke up – from the place where we escape when we wait at the doctor’s office – when her phone vibrated. She received a text. Although we already know what it said, at that time, we could only see her reaction: She smiled, her hand swept through her hair and she got a rush of energy. She probably decided to share that text with someone…

Karel Schwarzenberg (TOP 09) -> Karolína Peake (independent)

“Watching what goes on these days, I realize that we need to stop doing that. We need to do something, something important. Something that will change our whole society from scratch”

A few minutes later something unexpected happened at the house of parliament. No, David Rath did not apologize for his corrupt behaviour. His speech was still directed at citizens, trying hard to make them emotional. He probably learned that from other heart-breaking speeches by many other politicians that use this technique to influence the public. Something was in the air. Whispering started in the house of parliament.

Jan Hamáček (ČSSD) -> Alexandr Vondra (ODS)

“We all have something on each other – a mutual deadlock. I feel really bad about it. Moral reform is the only way out of it. Let’s grasp this opportunity”.

More and more of these text messages (SMS) started to spread – between MPs, between heads of political parties, between press representatives and journalists. Both directions. Everyone was joining the moral reform. Everyone wanted to know more. The texts were promising a press conference that would explain the concept of moral reform to journalists and citizens. Rath had not finished yet, but something was going on here. How is it possible that Karel Schwarzenberg managed to write a message while sleeping? How is it possible that colleagues sitting next to each other exchanged messages without even touching their phones? The answer was in the text. “Moral reform is the only way out of it.” (“Morální reforma je jediná možnost jak z toho ven”)

Ztohoven is a Czech art group that is formed and then dismantled with every action they do. They became famous when they transformed the giant neon heart at Prague Castle (seat of the president) into a large red question mark. Their most famous artwork is their pirate broadcast of a nuclear explosion above the Krkonoše mountains on Czech Public Television (see more in the documentary about this project – English subtitles included). The project “Media Reality” was seeking an answer to the question “Do people believe in what media present us as reality?”. TV cameras that are broadcasting live footage from Czech ski resorts (even during the summer) apparently were not secured that well. This group of artists managed to broadcast their own signal instead of the live feed to the transmitter, replacing colorful panoramas of the Czech countryside with the atomic blast. This did not cause nation-wide panic, but a discussion about questions like “What is art?” and “Does this threaten the public?”. The discussion ended up in court…

Ztohoven prepared a documentary (in co-production with Czech TV – which is really nice, considering their previous conflict about the explosion) about their other project. Its name Občan K. (Citizen K.) is inspired by Franz Kafka. It is about identity and identification. What would it be like to be someone else for a while? How would it be to renounce your own identity? Twelve members of the group decided to try it on their own. They took pictures of themselves in black T-shirts and used image morphing software to create “inter-identities” – a little bit of me and a little bit of the other guy. Then they took the photo and requested a new state-issued ID card (in the Czech Republic – unlike other countries – you bring your own photo to use)…

When they had this new ID card, they requested a passport, a visa to China, a gun permit and even a wedding certificate – during the wedding, the groom and the best man had to switch, because their identities were exchanged and the bride wanted her husband’s real name on the certificate.

According to the state, we are all equal. They do not care about us when we pay taxes, do not break the law and generally get out of the way. The bureaucrats do not communicate with people, but with rows in the database and their ID cards. The human being is usually only there to hand over the ID card to the state employee. They only notice a face when they try to compare the picture on the ID to the face of its owner. From that point on, we are just a record in the database. You can find more about the project in the documentary Občan Ztohoven that is right now in Czech cinemas and will be touring world documentary film festivals soon.

Projects of the group are not taking place in a gallery – they occur in “public space”. Museums and galleries are only visited by hipsters and tourists anyway. The “public space” as their location is almost the only thing that the projects have in common – it is very difficult to predict their next project.

Members of the group rarely have control over the result of the project. Most people learn about them from the media and that means that they only get to know the media interpretation. It is very interesting that the public is almost always on their side. Although public support is very important (even in court), the members never know what consequences their projects would have. When they were sending the texts to the members of parliament, they could have changed voting or caused panic. But did they want to do that? Did they want to cause panic or change votes? It’s sad that the media wrote that “Hackers attacked mobile phones of members of parliament”. The content – the Moral Reform – was probably not as interesting as the hacker attack. MPs did not disapprove of the project (how could someone disapprove of Moral Reform?), but they never spoke about it. The media were focusing on the fact that someone can send fake text messages and get hold of the phone numbers of most MPs, the president and relevant journalists. They did not focus on the fact that our world needs a real moral reform. Maybe that’s the reason that the members of Ztohoven call their projects “media sculptures” – they can set the foundation stone, but the resulting shape of the project is usually formed by the media. And most of the foreign media totally ignored this project. What a pity.

People usually do not like to think about structures – in a mathematical sense. Almost everyone is interested in means and content, not in relations between objects. People are interested in who voted for and who voted against something (this is actually a better case – when people are interested at all). Few people are interested in the actual meaning of a law. There is little discussion about the power structure of the parliament – who tells the MPs how to vote (no, they do not read all the laws that they vote for). Moral Reform is much more than a mirror of the morality of politicians. It shows the structure of power in the Czech Republic (see the project’s web page at www.ztohoven.com/mr/index-en.html). You can see who communicates with the media, who tells the members of political parties how to vote. Who is a carrier of change and who is a voting puppet? I suggest checking out the text messages not in a list, but in the graphic representation of parliament, where you can see how information is spread. Of course this interpretation of the structure of power was created by members of Ztohoven, but it is very scary when you think about how the dramaturgy and “screenplay” resembles the reality. When one politician showed the journalists the fake text he got from Radek John and let them take a picture, he did not realize that there was an older message from the same politician that said “Skokan pacified”. Both Petr Skokan, MP for Věci veřejné, and Radek John decided not to comment…

Sometimes I wish we had Ztohoven in our country. There are not many people that ask the right questions. There are almost none that ask the difficult ones. I am trying to imagine what would happen if Moral reform really happened – if politicians really decided to end corruption and be better. If they would understand that they are here to serve us. Maybe it’s evolutionary – those that are politicians are there because they have the ability to speak well in front of people, to touch their hearts and transfer emotion. About doubling wages, about security, economy, the nation, education, Europe and the bright future… And for some reason, people base their “voting” on that. If the only quality that people in the parliament are capable of is to speak to the hearts of people, are they capable of real transformation from inside? Are they capable of moral reform? Every politician is able to tell the public that they let go of their past and focus on the future. Are they capable of actually doing it?

Václav Klaus, president of the Czech Republic -> heads of political parties

“Mister chairman, I urgently ask you to come to the Castle today. I would like to talk to you about the Moral reform.”

It is sad that this text came from a dream of Ztohoven and even though all heads of political parties actually received it, it was not sent from the phone of the president. We are still waiting for the moral reform to come…

Backing up your github repositories

I have put a lot of my free software on GitHub lately. GitHub is nice, it allows community forks and other great things. But what if it is gone? For that, we have backups. Do we?

We should.

Addy Osmani wrote about backing up your GitHub repositories. He gave three solutions. The second one did not work for me and I was too lazy to debug it, the third one required Haskell and some additional libraries (I will learn Haskell, but not at 6am), so I adapted the first solution. It is pretty simple, but it used the GitHub v2 API, which is no longer supported.

So the updated version is here; I also added some shell escaping (although if you back up someone else’s repository, I suggest checking for filename-significant characters too).

This backs up all your public repositories (that’s what I use). I use it with duplicity for secure backup (and restore) by encrypting on the client side (please take good care of your PGP private key if you do this).
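The filename check suggested above, sketched in Python as an added example (this is not the script from the original post, which is not reproduced on this page). It takes one page of the v3 API's repository listing and builds `git clone --mirror` commands only for entries whose names are safe to use as directory names. The function names, the destination path and the sample response are assumptions made for illustration.

```python
import json
import re
import shlex
from pathlib import PurePosixPath

# The JSON comes from the v3 endpoint that replaced the v2 API:
#   https://api.github.com/users/<user>/repos?per_page=100&page=<n>

# Allow-list for directory names: no separators, no leading "-" or "."
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._-]{0,99}$")

def plan_backup(api_json, dest_dir):
    """Return (commands, rejected) for one page of the repository listing.

    Commands are argv lists for subprocess.run(cmd, check=True), so no
    shell ever gets to interpret a repository name.
    """
    commands, rejected = [], []
    for repo in json.loads(api_json):
        name, url = repo.get("name", ""), repo.get("clone_url", "")
        if (not SAFE_NAME.match(name) or ".." in name
                or not url.startswith("https://github.com/")):
            rejected.append(name)
            continue
        target = str(PurePosixPath(dest_dir) / (name + ".git"))
        # "--" ends option parsing, so the URL can never be read as a git flag
        commands.append(["git", "clone", "--mirror", "--", url, target])
    return commands, rejected

def as_shell(cmd):
    """Render an argv list as a quoted shell line, e.g. for a log or crontab."""
    return " ".join(shlex.quote(part) for part in cmd)

# Constructed sample response (not real API output); only the first entry is safe.
SAMPLE = json.dumps([
    {"name": "dotfiles", "clone_url": "https://github.com/example-user/dotfiles.git"},
    {"name": "../outside", "clone_url": "https://github.com/example-user/x.git"},
    {"name": "-rf", "clone_url": "https://github.com/example-user/y.git"},
    {"name": "notes; echo hi", "clone_url": "https://github.com/example-user/z.git"},
    {"name": "mirror", "clone_url": "https://example.invalid/mirror.git"},
])

if __name__ == "__main__":
    cmds, bad = plan_backup(SAMPLE, "/backup/github")
    for cmd in cmds:
        print(as_shell(cmd))
    print("skipped:", bad)
```

Rejected names are returned rather than silently dropped, so a backup job can log them and a missing repository does not go unnoticed.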