Well this post is being written during my flight from Milan to Heathrow. I spent the last 3 days in Sicily/Italy talking with Giampaolo Bella and his students in University of Catania.
I can say they were really nice to me. Specially Giampaolo that in the beginning was a bit unsure about my ideas for the PhD, but in the end he told me that it could be nice to implement this as an extension of the inductive method. It was a relief, since I believe that Larry doesn't understand fully what I want, but he did. He also did something I was not used any more: he took me by hand and made me see good things and bad things I have been doing lately. In reality I felt that he was expecting a genius, and found just a mortal guy.
Either way, I gave a talk over there in Italian, and it is here:
Talk given in Catania from Jean Martina on Vimeo.
Wednesday 5 December 2007
PhD a vulcano of feelings
Wednesday 28 November 2007
Cambridge Bike Ride Series
Well as promised, this morning I generated more two videos of the Cambridge Bike Ride Series. This one is not so good (but better than the first), since I did in a hurry. The camera was not in the best position in my helmet and the path was really bumpy.
The things I modified was that I actually edited this one. Instead of putting the video in RAW mode I added some advertisement for my blog and a sound track. The original sound is horrible. I also tried to fit on the desires of people who commented my first video in you tube: Soundtrack (the same I was listening while cycling), cars, people, busy areas, and doing bad things on transit :)
I am publishing just one video today, because they need some editing, and this takes time. This video shows this route:
Show Full Map
Hope you like:
Tuesday 27 November 2007
Talk for the Authomated Reasoning Group
Today I gave a talk to Automated reasoning group here in Cambridge, trying to explain my PhD research. The video bellow shows the talk in full. Basically I explained the method I will be using and delimited the problem I plan to cover in my PhD. For those not in computer science, it just another bullshit :)
Well maybe not that bullshit, because it should be at least good enough to earn the PhD degree. Basically is a form to give assurance to secure communication protocols by proving (in mathematical style) that the protocol has the properties expected.
After filming the video, I started another quest: Upload to someplace and make usable in my blog. I uploaded it (just a bit more that 110Mb, and made with my mobile) to youtube, but they just allow films with no more than 10 mins (mine has 28). I did some research and actually found viemo, which according with the reviews has the best post processing codec and allow people to upload more that just 10 mins.
It may look idiot, but because incapacity of youtube engineers in creating an engine to search for proprietary content, and to avoid people uploading entire movies (as if they would no spilt in small chunks) the created this ridiculous constraint.
Next week I will post the same talk in Italian, since I will be presenting it in Universita di Catania, in the mWSF07 - The 2007 miniWorkshop on Security Frameworks I hope you all like the distraction.
じゃん えべるそん
Well this post is to show other things that I did last Saturday: I was writing my name and training Japanese calligraphy at some friends house. Well じゃん えべるそん means Jean Everson, and for those who are not used with Japanese characters it is hiragana, the basic Japanese writing.
They also wave another two alphabets. One that is phonetic base called katakana and a second that is Chinese based ideograms.
Here is the Video:
The coolest thing is that within one our of me sending the video to youtube I got a comment in it :)
Monday 26 November 2007
Foto Updates from Hackintosh
.jpg)
As I promised, here are the picture of my HP DV 2000 running Mac OSX. After more than 5 days with it in my hard-drive, I decide not to keep it, because some essential things doesn't run in it, like power management, wifi and the computer heats a lot.
Thursday 22 November 2007
Hackintosh Odissey
Well, now I can state that I have a fully functioning hackintosh :) I finished installing my HP laptop with MacOS 2 days ago. It works very well, eve faster than a macbook I bought 3 months ago for a friend in Brazil.
Lessons learned :
- EFI is something really important, and there is no reason for us to stick in BIOS except that Microsoft does not support nativeEFI .
- Don expect to make your hackintosh work 100%, because device drivers are still a pain.
- Although I liked a lot I will be uninstalling it soon, because my wifi wave not worked, the microphone and the power management also.
Sleeping in Airports
Today I received a very nice feed from a site I signed up. It called my attention because it is something I am a bit used to: Sleep in Airports. The guys are Professional ins this matter, and I am just a beginner.
This reminded me the day me and Giseli arrived from Italy in Stansted, we got a 3 hours delay in passport control, and lost the last bus to Cambridge. This time Giseli had the great idea to rent a car, since I had to be back in Stansted at 6:00 to fly to Germany.
The bad thing was that we had to sleep the when coming back from Germany because the passport control again. I also already slept in Lutons twice :)
Tuesday 20 November 2007
WIFI Hacks
Well, today I was revising some strategies for my XBOX project, and I was looking for something really good to put mine wireless.
I bought a wifi bridge to connect my xbox, but it didn't worked with my router at home. As I payed £140 on the router, which does almost everything you could imagine (VPN, VOIP, WIFI, Print Server, etc), I decide to change the bridge.
But this bridge I have, has a very very small aerial, and I was intrigue in how to make it more powerful, then I found the following:
The site where it came from is: http://www.viddler.com/explore/babblin5/videos/7/
Monday 19 November 2007
Mac OS X Odissey
Well, it is quite a long time without posting anything here. Today I decided to post something about my weekend. Except a trip to Bedford to buy stuff in Primark, and finishing an article to an important conference in the US, I dedicated my time to try to install the new MAC OS X in my HP laptop. Because of this I call this post Mac OS X Odissey.
The basic idea is that MAC OS X is designed to run just on Apple computers, but since they use an Intel Microprocessor, it is perfectly viable to use it in any new computer that has an Intel like microprocessor.
I have`t being able to boot my machine yet running MAC OS X, but I found very interesting ideas on how to build your own Hackintoh:
http://lifehacker.com/software/hack-attack/build-a-hackintosh-mac-for-under-800-321913.php
This is the basic post. From there you can follow links and grab all the information.
Disclaimer: Although illegal to use MAC OS X in a generic PC, it is a very nice DIY project for computer scientists like me :)
Friday 9 November 2007
Updates...
Well, I missed two days without posting, so I will try to post more than once in these days.
First things were really busy, since my italian friend Michele (reads Mikele) came. We have been around Cambridge showing things to him.
Other problem I had is that I am packed with supervisions. I had 3 yesterday and I don't know why, I accepted more one group in the last minute, so I am with 9 groups at this moment. The only good thing is that I am repeating the work from last year so it doesn't take that much time as it used to take last year.
Today arrived a 160GB 2.5" external hard drive I bought last week. It is really nice because now I can free an 80GB one 3.5" I had to use in my Xbox experiments, meaning that I will be able to download ans store even more.
Also arrived the WIFI adapter I bought to connect the Xbox to my home network, this was really disappointing. I bought a WGA11B (remeber this to not make the same mistake), and this damn WIFI bridge refuses to talk with my Draytek all in one router. Probably I will sell it in ebay and buy another one, since Giseli will start to complain about the taped ethernet cable I fixed in the walls at our flat :)
Tip of the Day: If you need some business cards, rubbers stamp, personalised post its, etc go to this website: http://www.vistaprint.co.uk/pix3 . There you can order this things (limited but fine) just paying £3 for the delivery.
Thursday 8 November 2007
How to cheat in Brazilian Elections
This post is about an article I wrote to myself some time ago, that creates a very nice business in cheating the Brazilian electronic elections.
Enjoy.....
How to buy votes with confidence in the Brazilian Electronic Election System.(thoughts)
Brazil is know world-wide for its natural beauties and for thing like Samba, Pelé and Carnival, although we (Brazilians) know that Brazil has a lot of other things that are really interesting and attractive to us and for everybody else. But one thing that is becoming a trademark in Brazil's culture is corruption. Recent scandals lead to world wide headlines about Brazilian political and corruption systems.
What I want to expose with this writing is that one problem Brazil has nowadays on its democratic system, can, be even worst, if some computer science knowledge could be applied in bad ways and that the actual and past governments really do not care about a matter so important to guarantee the Brazilian democracy as a whole.
Brief Story:
Brazil was the first country to run a completely electronic election system on 2002, and the first prototypes to the actual Brazilian DRE (direct recording electronic) system was tested in 1996 in the Santa Catarina state (my home state), and were produced by local companies.
From that time, the system evolved and started being developed by very large and multi-national companies, like Diebold-Procomp, a branch of the same company that develops the US voting machines. During the development of the electronic election system, lot of power was given to TSE (the Brazilian Federal Elections Division), and with this power they developed a proprietary machine, based on Intel's 80386 platform, just adapted to run a proprietary software that create, store and count the votes, without giving you the possibility to recount or scrutiny the software without being under TSE rules.
Lots of complains were always made to TSE about the DRE security, but as TSE has full power over the system and the government does not have an interest in opening a Pandora box, normally all requests made to look inside the software or hardware are denied, or you must sign a NDA (Non disclosure agreement) with them prohibiting you to tell others about flaws(if they exist) on the system. I myself never saw the DRE election system by inside, but I have talked with people who did, and also read the authorized reports that TSE asked to be done by some Brazilian universities and research centers. I know the system as an outsider, so some of my consideration can be mistaken....
Description of the System:
Taking in consideration the hole process of the Brazilian election, we have normally the elections being run on the states, and the states have their own Election Divisions(TREs), probably this attack does not make sense on Nation wide, or even on State wide election, but on small cities, like the one where I am registered to vote (Massaranduba-SC, with 7500 voters), buying votes, or even chase people to vote according someone's instructions is something that really happens.
In this election scenario, 1 or 2 votes can make the difference between being or not to being a city counselor, so they (the politicians) start "fighting" in the most different ways. Some time ago, I think 2 elections from the last one I missed because I am here in UK, I realised that there is a potential business to be run on the "counselor being thing". A counselor gets an income of 2500 reais/month including every thing, so he can somehow invest his money in a way that, for sure, it will return (without counting on acting in a bad way like corruption bribes) in an election. Suppose that a person really want to run this business, the total income as counselor will be 120k reais over the four years, why not invest part of it to become a counselor?
Answering this question, some people really think this as business, so they start figuring out how to make things happen, and normally one very good decision is start buying votes. The vote buying process consist in decide how many votes you need to buy, and how much you can spend on it. Supposing that you want a very big profit we can say that you are allowed to spend 25% on your supposed income, than in our case is 30k reais. Now the maths get really easy, with a good security margin, supposed you will buy 300 votes (we will have a bit more, because at least your family will vote for you), so you can pay up to R$100 per vote.
One thing that the candidate must take in care is that some people are not faithfully, and they will just grab the money and will not vote the agreed way, so normally the profit will lower in our business. Then, you need a way to check that your investment is running smoothly. This is what I propose next...
Description of Attack:
So I come with the solution to make this business even more profitable. We can make use of cheap high tech to control the investment, and even punish those clever that just wanted to grab the money and vote against what was proposed. What I am telling is about running a "Tempest attack in the voting machines to record the voting".Eavesdropping is something that is not new and consist in analysis RF emitted by electronic circuits when they operate. There is some work here in Cambridge that can be directly applied to the Brazilian election system. I can take as base, Prof. Markus Khunn Phd Thesis. He developed a very easy and small system to capture RF emanation from computer monitors. This system can capture from some distance (that really does not matter for us) the images in a monitor (CRT or LCD) if the specific cautions were not taken in the environment were this computer runs. The real strength of this attack is that you are just ignoring the system's proposed security, and acting on misconception problems.
After reading a lot about the voting machines, I realized that the government did not care about a very simple attack like this, but that can make a real difference for some people's business, the recording of the vote and the correlations with the persons who voted, so how can we make this happen?
I propose to use Markus attack to steal the light emanated from the LCD screens, or even easier on the VGA circuit on the Brazilian voting machine, that is nothing more than a computer that works specifically for voting purposes as I briefly explained before. Then raised the question, how this can make "my proposed business" more profitable, and even if I can record, how would I correlate the voters with their vote?
The basic Idea is: as we know how to capture the screen emanations from the Voting machine and we know were it will be located (at least a room in a school or something else), we just need to install the screen tap device in the room were it is able to capture the screen, then we use election proposed security against the system. One thing I have not mentioned is that elections on Brazil normally are ran with a security mechanism called "conflict of interests". This means that in every room should be present a person nominated by one party running in the elections. In "our business" we can use this person to make the tie from voter and recorded vote. By knowing who was payed to vote, the person can just take note of the sequence number that this person has on the voting order, and than we can correlate later.
As an Example, we can tap the election system and record all votes, than the party person can see that Jean was the 4th to vote on the day, so when the election is finished, what we need to do is to just check the recording and see that Jean really voted the right way, and if not, we can go to his home and chase him to have our money back :).
Possible Solutions:
First we can think on very drastic solution, like that every voting machine should have a Faraday-Cage to protect the RF emanations from being captured by the tapping device, but this lead us to other problem. How to transport Faraday-Cages to the Amazon jungle, and how much this solution will cost.
By thinking I figured out that we can do some other different approaches, like we can produce noise, in such a way that the recording can be a bit more difficult, and this noise could be just a noise generator in the same frequency.
Then I started thinking about some changes in the software interface, that instead of showing the picture of the chosen candidate, can show all candidates, or other from the same party, just showing the picture of the chosen frame in different color (colors are difficult to grab with eavesdropping), or who knows, trying to use some hard water mark in the picture, that can make just it visible to the tapping device.
Tuesday 6 November 2007
Getting Used
Well, today I was about to go to sleep and then I remebered that I forgot something. It was my day blogpost, for the happiness of my readers :)
Today there is no basic story, except that I now almost gave up in changing my car for a newer one. I took it to a mechanic that said that there is a way to sort out the problems (without spending more than I payed the car). Actually it will gonna be cheaper than I expected.
After some googling (and now froogling), I found a way to change both front tyres for less than £60,00 (fitted), which people asked me no less than £135 to do in the normal way. The trick is to buy the tyres you want on the website (www.mytyres.co.uk, or search in www.froogle.co.uk), send the tyres to a local fitter, and then take your car there. The tyres costed £18 and the fitting £11,50 each. I bought the tyres, now I need to take the car there next week. My odissey with the car continues, since I will have to find the cheappest way to make an oilchange in the next 600 miles.
Another thing I realised today is that I already have a solution that people is looking for. While listening to the TWIT (a podcast called this week in tech), I realised that they were looking for my hacked Xbox. They asked for something able to play any kind of media, and that was able to play on-line content such as youtube. I wrote them and e-mail to include Xbox Media Center in teh next edition of TWIT, lets see...
Monday 5 November 2007
Holywood here I go!!!
Well following some suggestion from Carlos, I will post the link to my famous video riding the bike from the ComputerLab to the City Centre.
http://www.youtube.com/watch?v=TsXhzFWewLU
Actually I am preparing more videos for this series. Basically what I need to do is to prepare my helmet with the camera and take a good ride to the city centre and from there to madingley.
In this youtube pages, I recieved comments about the video, most of the people hating it because of the noise. So I will prepare the next ones with some basic rock and roll sound track.
Maybe you will have to wait a bit to more videos, because I am getting lazy and Giseli is giving me a ride almos everyday when she goes to work in Herts.
Things to go wrong
Well, today was nothing special. First started with a unusual rush to go to the ComputerLab, to do tyhings I haven't during the weekend. My supervisor fianlly decided that I need constant and close attention. He stated that we should have meetings every couples days, until I get rid of the major problems I am facing right now.
This is really interesting, beause is the reward of one month doing literally nothing. I realised that during whole last year I kept doing lots of things, and had meetings fortnigthly. Now that I did nothing, three times a week. Maybe the formoula to do something is starting doing nothing (at least at first).
About today's title, my day was useless until some minutes ago. I lost the whole day trying to use and old sofwtare in a new platform. I have been mentally tired of doing a "mental parsing" in my protocols proofs, so i decided to downgrade the Xemacs I use to an older versions, that supposedly didn't had the issue.
I keep reading "Watching the English", and now I tested some of the theories in the book. I tried to start some smalltalk with people by talking about the weather, and surpisingly it worked 100% of the times. It also gave me a clear idea if people were keen or not to talk to me. Very nice....
Discover of the day: "UK is as violent as Brazil(I already suspected). I know people would desagree with me, but tonight I saw a TV show in Five called "street crime live".It depicted how gangs of hoodie divided London regions in territories, creating things very simillar to Rio de Janeiro's slums.
They also think they act to have just respect from other gangs, but they help drug dealers, robbers and shopt lifters to keep their "neighborhood" clean from competition and by consuming. Finally, the difference between London and Rio are basically that Rio is almost double the size (7M against 12M), and that criminality in Rio is divided in Hills, and in London by Postcode. The results of this crazy thing were 22 under-20s stabbed to death just this year. I know that Rio does not even count any more people stabbed (just killed by firearms), but what worries me is that people have false impressions of safety".
Sunday 4 November 2007
Sunday bloody Sunday
The title does not describe exactly the sunday, but all my rage now. I have been trying to watch "Panico na TV"(A brazilian humor TV show) for about 1 hour and nothing. Theres is some problem with the feed I am using in my xbox. I lost also sometime searching for alternatives. It was working very nicely just before the program started, but now is horroble.
Good things for today were the final decision on my birthday party next weekend and gift I recieved from Giseli for my brithday: A book. The book she bought me was a nice advice from a friend (Tete), and the title is: "Watching the English" from Kate Fox. I already read more than 30 pages today, hoping that this will help me to understand better the society were I am living right now. I am really enjoying this (non technical) reading....
Discover of the day: "Some plugins for XBMC called: Madcat, Nav-X and MediaStream. The first is a good collection of video podcasts classified in about 30 different areas. The second, a browser access networks like stage6, where you can watch whole movies and tv series online. The third lists a lost of tv streams all over the world, what made smaller my effort to watch the brazilian tv shows I was missing for so long time."
Blog Start
Well, as this is my first post, I would like to tell everybody that this was not my idea, but Renata's. A brazilian friend, that always liked to listen my stories about the funny things that just happens to me.
I will try to kepp posting on a regular basis, but as I tried before to work on blogs, I thinks this will not be easy. My last blog died due to inactivitie. What I really need is just some people pushing me to keep this one.
Well, altought my mother tongue is not English, I will be writing in this language to enable my friends here in Cambridge to take a look in the posts also.
Well, I hope that this is a good start post.
Jean
