Manfred Touron

How to Join and Contribute to Open Source Communities (presentation)

Many developers have misconceptions about open source collaboration. Being a bit shy and afraid to make a mistake is a frequent reason for not contributing, and so is just not knowing about how to start. This talk will share lessons learned about open collaboration, both for project leads and independent contributors.

A talk I gave at Paris P2P Festival #0.


Topics:

  • Why I love Open-Source, and so should you
  • How to be a good contributor
  • How to open your projects

Video


Slides

Loading...

Link to the presentation

Download slides

P2P & Crypto in Go (presentation)

A talk I gave at Golang Paris.


Topics:

  • P2P
    • General introduction
    • P2P & Go
  • Cryptography
    • General Introduction
    • Cryptography & Go
  • Berty
    • Project introduction
    • Berty & Go
  • Paris P2P

Loading...

Link to the presentation

Security of Wireless Devices

Security of Wireless Devices

When wireless technologies were still nascent, they didn’t pose too many security risks. Potential weak points weren’t yet discovered and even when wireless devices began to be widely introduced, the risks were relatively small. Nowadays, however, that has notably changed.

The value of information and the prospect of capitalizing on unsuspecting victims have drawn attention from malicious attackers. The previously unexploited security flaws of wireless technology are now under constant siege by potential intruders.

The concern that many people have is the idea that once they’re transmitting wirelessly, what’s to prevent someone from “listening in” on the transmission.

Wireless Communication Technologies

Many wireless networks are commonly used all around us, and each has its advantages and shortcomings when it comes to security. Here’s a breakdown of how they stack up in terms of security and some familiar use cases for each.

Wi-Fi

Our constant companion in the modern world. Wi-Fi is present in some shape or form almost everywhere around us. And with the United Nations declaring internet access a human right, it will probably be as ubiquitous as electrical power in the near future. However, concerns about this technology have hounded it since its inception.

On the whole, Wi-Fi is safe when used with the proper precautions, but there are also many situations that expose us to threats. In principle, Wi-Fi is similar to other technologies in that it consists of a radio frequency transmitter and an RF receiver.

Using a private Wi-Fi network in your home isn’t risky, but open, public, and customer Wi-Fi networks are not — generally speaking — very safe. Open Wi-Fi networks, in particular, are stomping grounds for malicious attackers. Open networks are offered by some businesses but they should be avoided, if at all possible, because there is no way to make sure no one is intercepting data.

Whenever possible, use an ethernet connection over Wi-Fi to reduce the risks associated with the technology.

Home security cameras are a case where Wi-Fi security is crucial. If the connection between the camera and the Wi-Fi router isn’t safe, attackers can easily access the camera feed. It’s recommended to use the latest encryption standards (WPA2 with AES) on your router and choose strong passwords. Also, buying home cameras from reputable sources such as Wyze Labs will make sure they have the latest security features.

3G

3G is the third generation of mobile wireless technology. It represents a significant upgrade to the standards used in 2G networks. The increase in transfer rates made it possible for many new applications and services that weren’t feasible on slower networks.

From the outset, 3G (and for that matter, 4G) had relatively weak encryption. The glaring weakness of these networks is that their encryption only exists from the device to the base station. Once the data reaches the wired network, there is no encryption.

Now, that doesn’t mean that it’s unsafe, but if an attacker is motivated enough, they could gain access to that unencrypted data. But, most of the applications that you use are likely to have end-to-end encryption, so the main potential threats are phone calls and text messages.

What’s more, even for the secured data, encryption protocols are not very secure. The A5/2 encryption method, which most 3G transmissions use, was cracked within a month of the technology being released.

Whenever you don’t need access to your network, consider putting your device on airplane mode. That way it won’t send or receive any information and it’s practically shielded from most attacks.

Bluetooth

Bluetooth is the standard for short-distance wireless devices. It was conceived in the late 80s to be used in the development of wireless headsets for mobile phones. The technology was quickly adopted for many different uses and continues to be a popular choice.

Like all wireless technology, Bluetooth transmissions are vulnerable to remote attack and spying. However, the security of a Bluetooth link will depend on the protocol being used. Different devices may use different Bluetooth standards and therefore are more or less prone to security breaches. The current standard is Bluetooth 5 but most devices are still using older standards.

The Apple Watch, for instance, uses Bluetooth Low Energy technology. This particular standard is easy to extract information from, but Apple uses a series of privacy protection measures that make it difficult to get any useful data. For instance, Apple products switch their Bluetooth LE address every 15 minutes. This prevents a snoop from getting any accurate data about who owns the device.

In contrast, other fitness trackers — such as the Fitbit — use a fixed address value. Since this value is unique and unchanging, it’s trivial to recognize and track the user via their device. Most Bluetooth LE devices constantly transmit advertising packets, which lets other devices know they’re present.

These packets, however, can be intercepted by any device and while they don’t grant access to the transmitting device, they do carry some identifying information. A good strategy is to only sync fitness trackers at home to prevent access to your data while you’re in public.

Another risk involves Bluetooth keyboards. In theory, wireless keyboards should be encrypting what they send to the receiver. So that even if someone were to have access to the data, all they’d see is an encrypted mess of data. However, in practice, most keyboard manufacturers use weak encryption protocols or, in some cases, none at all. A cybersecurity company looked into this in 2016 and found that eight major Bluetooth keyboard manufacturers used little to no encryption in their products.

This doesn’t mean that Bluetooth keyboards aren’t safe, in fact, Apple’s keyboards boast some of the best Bluetooth encryption out there. But most of the security is going to be from the pairing process.

That’s true of most Bluetooth devices. While some identifying information may be retrievable, the actual data they transmit is hard to access unless the device is allowed to pair up with a receiver. That goes for Bluetooth headset, mice, and other peripherals as well.

RFID

Radiofrequency Identification has been around for a very long time. Its most recent incarnation is RFID tags. These tiny devices are essentially dormant until they come into close proximity to an RFID reader. The reader provides the power necessary for the tag to transmit its data and the reader can then receive it. It’s simple enough but not terribly safe.

Things like RFID-enabled passports and credit cards pose a concern for many people. Sure enough, it has been demonstrated that RFID “skimming” is not only possible but quite easy to do. Because the RFID tag doesn’t discriminate about who receives the information, it will provide it to any reader that requests it.

In practice, very little RFID crime is reported, but the potential is always there. Experiments with directed antennas have shown that it’s possible to read RFID tags from up to hundreds of feet away.

Newer generations of RFID credit cards and passports are beginning to use encrypted data which will make it a lot harder to access the information. A good way to reduce risks is by using RFID-blocking wallets or “faraday” bags. These prevent any radio signals from reaching the devices inside.

Remote Keyless Systems in Cars

Many cars use this system, which does everything a standard car key can but without physical contact. This includes entry to the car and keyless ignition. It started to see use in the 80s and today most cars have, at the very least, keyless entry.

It's a simple radio transmitter that sends a coded signal to a receiver in the car that is tied to that specific transmitter. The transmitter has to be paired with the car’s computer, which is usually only available to dealerships and manufacturers.

The vast majority of modern keyless systems use rolling code. This basically means that every time the key fob is used to activate a function in the car, a different code is sent. This prevents anyone from scanning for the code to gain access to the vehicle. Using the same code again will not work. The remote control and the receiver use an encrypted system to share codewords.

These systems are still vulnerable to a specific kind of attack. A device can “jam” the first code used to unlock a vehicle and record it. When the vehicle owner tries again, the device will allow that code through while retaining the first one for future use.

Keep Up with Security

Wireless technologies will always be susceptible to attacks. These are only some of the most popular ones in use, but more are being developed every day. While it falls outside of the scope of this article to describe every technology in detail, you should take it upon yourself to learn the best security practices and habits for your devices.

Information is the most valuable currency and keeping yours should be a top priority. Keep your wireless devices safely stored when not in use. When they are in use, do everything you can to minimize your exposure to threats. An ounce of prevention is worth a pound of cure when it comes to wireless security.

What You Should Know About The History of P2P

Peer-to-peer sharing was a feature of the defunct ARPANET of 1969. As technology advanced, so did the government and entertainment industry giants’ efforts to suppress file-sharing.

However, P2P has survived well into the 21st century and it seems that the best is yet to come for the P2P community. Numerous new technologies are springing up and innovations and improvements are constantly being introduced.

Crash Course on the History of P2P

File sharing began back when the first computer networks were introduced. The ARPANET allowed users to send and receive files directly – that was back in 1969. One of the earliest transfer protocols was FTP (file transfer protocol). It was introduced in 1971.

In 1979, Usenet was born. It was primarily made for dial-up technology, but it made its way into the internet more than a decade later. Users could exchange files on bulletin boards. The video game Doom first became popular on bulletin boards in the early 1990s.

Two decades later in 1999, Napster was created, and with it, the modern era of modern P2P file sharing. Napster used a centralized indexing server, which would prove to be its downfall. Almost immediately after its introduction, Napster experienced a meteoric rise in popularity. By 2000, it had more than a million users. The next year, Metallica sued Napster and by the July of the same year, the service was shut down.

One year after Napster’s inception, Gnutella led a new wave. Unlike its predecessors, Gnutella was decentralized and allowed more people to use the platform at the same time. LimeWire is perhaps the most famous Gnutella client.

Current Technologies

Bittorrent

The next big step in the development of P2P file sharing happened in 2001 when Bram Cohen introduced Bittorrent. This platform is still in use today, one of the oldest and most widely used P2P protocols.

Bittorrent introduced a host of innovations. Users could search for files on online sites that contain trackers, while the file sharing happened directly between the users. This significantly improved transfer speeds. Additionally, Bittorrent clients would break a file into small fragments for multiple hosts, thus increasing the download speeds tremendously.

Blockchain

Bitcoin was introduced eight years after Bittorrent and it’s still in prevalent use today. Though it wasn’t designed for P2P file sharing, it brought about a new generation of P2P storage frameworks. It is based on blockchain.

Blockchain is so named for a constantly growing list of connected blocks. Each block or record contains data, a unique hash number, and the previous block’s hash. A blockchain is automatically updated every 10 minutes and uses a decentralized P2P network which anyone can join.

IPFS

IPFS (InterPlanetary File System) network and protocol were introduced in 2015. IPFS is the next step in P2P file sharing that works similarly to Bittorrent and other torrent protocols. Users can download as well as host content. There is no central server and each user has a small portion of a data package.

It is also similar to Blockchain in that it uses connected blocks protected with hash numbers. Also, the data within IPFS blocks can’t be easily manipulated without changing the block’s hash. However, IPFS does support file versioning.

Ether

Ether is another popular P2P sharing platform based on blockchain technology. It is somewhat similar to Bitcoin; Ethereum is the name of the cryptocurrency used on Ether network.

Ether was launched in 2014 as an open-source platform. You can use it to anonymously make transactions and share data with other users.

Similar to some other advanced Blockchain networks, Ether uses Smart Contracts. These are protocols designed to facilitate the execution of transactions by cutting out the middle man.

The Start of P2P

The initial vision of Tim Berners-Lee, regarded as the inventor of the World Wide Web, was for the internet to be similar to a P2P network. He envisioned the internet as a place where all users would and should be active content contributors and editors.

Its early precursor, the ARPANET, allowed two remote computers to send and receive data packets. However, it wasn’t a self-organized nor decentralized file-sharing system. Additionally, it didn’t support content and context-based routing.

Usenet addressed many of those issues, continuing and evolving the idea of a free internet.

The Continued Appeal of P2P

Nowadays, thanks to advanced technology, P2P networks can offer much more than content and context-based file searches. Some of the top reasons for using and improving P2P platforms today include:

  • Anonymity and privacy. P2P networks allow users to remain anonymous and protect their privacy on the network.
  • Cooperation and resource sharing. Many are drawn to P2P networks for the cooperation and sharing of resources.
  • Trust and accountability. Modern P2P networks are largely based on trust and the transactions have to be community approved.
  • Decentralization and lack of censorship. Today’s P2P networks are decentralized, thus preventing almost all forms of censorship. This ensures network neutrality.
  • Data integrity and encryption. Blockchain introduced hash numbers and proof-of-work. The latest innovations include encryption and smart contracts.

BitTorrent’s Struggle

The BitTorrent protocol remains popular even as almost two decades have passed since its introduction. It faced many adversities throughout the years in the form of more modern and advanced P2P platforms, poor business decisions on the part of its creator and his associates, and countless legal problems, even with the US government.

What kept BitTorrent alive all this time is the fact that it’s decentralized, easy to use, and built for easy transfers of huge amounts of data. Other than that, Facebook, Blizzard, and Twitter have openly admitted to using BitTorrent. Most importantly, the values of sharing and cooperation among BitTorrent users kept the flame burning through the dark times.

P2P Hall of Fame

Here’s a list of some of the most important people in the history of P2P sharing.

  • Tim Berners-Lee, inventor of the World Wide Web.
  • Sean Parker and Shawn Fanning, founders of Napster.
  • Bram Cohen, the mastermind behind the BitTorrent protocol.
  • Gottfrid Svartholm, Fredrik Neij, and Peter Sunde, creators of The Pirate Bay.
  • Satoshi Nakamoto, creator of Blockchain technology.

Final Words

P2P is starting to gain traction in the outside world. More and more people are adopting and incorporating the rules and ideas that govern P2P file-sharing technologies into their lives. This is especially true of self-organizing communities that sprung up in recent years.

Self-organizing communities share a number of values and principles characteristic of P2P technologies. They might be appealing to a wide range of individuals and groups, most notably those interested in cooperation and resource sharing, proponents of decentralization, and the occasional anarchistic souls.