Category Archives: Hottest

Most popular

Breaking Bitcoin

This note is not a call to action, here I will describe the weaknesses and potentially dangerous aspects of Bitcoin and blockchain technology.

Vulnerable center

The principle of Bitcoin and blockchain is to store and change a common database, a full copy of which is stored by each network participant. The system looks decentralized, since there is no single organization/server on which the database is stored. Also, decentralization is given out as the main advantage of the blockchain, it guarantees that nothing will happen to your bitcoins without your knowledge.


The Block-Plague Principle by Elkin

In order for the blockchain to work, it is necessary to make sure that each user downloads the latest copy of the blockchain database and works with it according to certain rules. These rules include the implementation of the Bitcoin mining principle, receiving a percentage of each transaction upon confirmation (transaction fee) of the transfer of funds from one wallet to another. A user cannot draw 1,000,000 bitcoins for himself and buy something with them, since the amount of money in his account for other users will be unchanged. Also excluded is the option of withdrawing funds from someone else’s wallet only within your database, since this change will not be reflected in other Bitcoin users and will be ignored.
The vulnerability of the current implementation is that the bitcoin wallet is located on the server github, which completely covers the advertising slogans about decentralization. Without downloading the wallet from a single center – the developer’s site, it is impossible to work with bitcoin, that is, at any time, the developers have full control over the network. Thus, the blockchain technology itself is decentralized, but the client for working with the network is downloaded from a single center.
Attack scenario – let’s say a code is added to the wallet to withdraw all funds and cash out to a third party account, after which any user of the latest version of the wallet will lose all bitcoins automatically (without the possibility of recovery). I doubt that many wallet owners check and assemble it from the source code, so the consequences of such an attack will affect most users.

The majority decides

Blockchain is a decentralized p2p network, all transactions are confirmed automatically by the users themselves. Attack scenario – it is necessary to obtain 51% of the network in order to ignore confirmations of the remaining 49%, after which the attacker gains full control over bitcoin/blockchain. This can be achieved by connecting computing power that overlaps the rest. This attack scenario is known as 51% attack.

Guess me if you can

When you first launch the wallet, the computer generates a pair of – private and public keys to ensure its correct operation. The uniqueness of these keys is extremely high, but there is an option to generate keys using the code word – the so-called – brain wallet – . A person stores the keys in his head, he does not need to make a backup of the wallet.dat file, because at any time the keys can be regenerated using this code word. Attack scenario – the attacker selects or learns the code word, generates a private-public key pair and gains control over the wallet.

Just copy

The private-public key pair is contained in the wallet.dat file. Any software that has access to this file has access to the Bitcoin wallet. The defense against such an attack is to add a code word that the user must remember and enter for all operations with the wallet. After adding the code word, the attacker will need to have wallet.dat and the code word to gain full control.
It is also worth adding that when you enter a code word, it goes into the computer’s memory, so any hardware and/or software vulnerabilities that allow you to read *someone else’s* memory will allow this code word to be read by virus software.

System error

Hacking Bitcoin’s encryption algorithms will instantly lead to its death. Let’s say there is an error in the implementation of the algorithms, the attacker who finds it gets either full or partial control over the blockchain. Also, the encryption algorithms used in Bitcoin are not protected from hacking with the help of future quantum computers, their appearance and implementation of quantum algorithms – will put an end to the current implementation of Bitcoin. However, this can be solved by switching to post-quantum encryption algorithms.

Flame Steel: Courier Nimble Eyes

His name was Revil, and his nickname was Nimble Eyes. His friends called him Nimble. A street-bred, nimble kid, he always knows what’s interesting and who to get it from. For this, he earned the respect of the criminal world of Alterra – 14.
Now he was inside the warehouse of Native Pharm-United. There were huge containers around, the smell of pharmaceuticals.
– Why did you get up? Take it and go.
The clerk said snapping, he looked nervous, shifting from foot to foot, it was clear that he was very afraid. His shirt was wet with sweat.
– I’m from the security service.
The clerk’s face turned pale and he staggered even more.
– So what now?
– On the floor – hands behind your head!
The clerk frowned, took a deep breath, and pulled his hand down. Quick Eyes sensed something was wrong – it looked like he was reaching for a gun. Revil stunned him with a blow to the impudent face, the little body fell in front of him with a pop.
–I asked nicely…
After searching the clerk, Revil found a regular inhaler, the kind used by asthmatics, in place of the gun. He also found an access card to the company’s laboratory sectors. It was a very lucky find.
The Toxic Brothers gang sent him to pick up a batch of the banned substance – endofomil. But Revil didn’t care about the Brothers and their toxicity, he was here for another reason – he intended to draw his lucky ticket.
The elevator doors swung open, Shustryak chose the floor indicated on the map – forty-second. The elevator slowly moved. Revil was thinking about what he would do in the laboratory sector. He was aware of sophisticated security systems, intelligent identity verification systems, brain wave analysis and the like.

Revil by Inc
Revil by Inc

He wasn’t alone here, an employee of the Lorian company agreed to help him cause a system failure, as a result of which Revil would have ten minutes to carry out his plan.
On the thirty-third floor, the elevator stopped, and a loud bang was heard above Revil’s head – something landed with a crash on the roof of the elevator.
Shustryak reached for his pistol, but at that moment metal tentacles broke through the roof of the elevator. They entangled him, there was a grinding sound and the roof of the elevator was turned inside out. A girl’s face looked at him through the hole – cold empty eyes, a metal plate with blinking red indicators on half of her face, deliberately not hidden under the skin.
– Before you die, answer me, why did you come here?
Shustryak couldn’t move, the steel tentacles were squeezing him tighter and tighter, soon he wouldn’t even be able to breathe.
– I have come for what is rightfully mine!
A satisfied grin appeared on the girl’s face. The indicators flashed alternately green and red…

Losing yourself

“You can’t be a master of everything” – I’ve always found phrases like these funny. Everyone, users, programmers, bosses, and customers, falls into this trap of specialization. “I want it like Microsoft/Apple/Google”, “Why can’t we just make a Russian iPhone?”, “Why isn’t it like Word/Uber/Photoshop?” – Anyone who is even slightly involved in IT has heard these phrases. These phrases, repeated by different people, sound even funnier.

I’ll ask you, reader – why do you need another Word? Why do you need another Uber? Why do you need another Photoshop? Why do you need it to be like an iPhone?
Why do you tie yourself to only one company’s interfaces and approach? Why do you label yourself as an Apple/Google/Microsoft lover? Why can’t you open your mind to alternative approaches to solving problems, why don’t you want to be more productive?

A lot of Microsoft users didn’t like how the company decided that everyone needed to upgrade to Windows 10. People complain about the iPhone’s inconvenient interfaces, system crashes during updates, design changes that they don’t need, but they still continue to use them because they’re used to it, and having an “iPhone” is a status symbol in modern society.

Sometimes it seems that if Microsoft/Apple/Google were asked to give up their own children in exchange for continuing to work with their products, then due to the high attachment to these products, people would easily give up their children.

Don’t be like them, don’t get attached to one product, look at alternative options. Once I was offered to develop a system for realtors, with an interface on Microsoft Excel, there were also offers to develop an “interactive whiteboard” system on Microsoft PowerPoint. When I asked why Microsoft, they answered that “we’re so used to it”, when I asked if there is licensed software from Microsoft in these companies, they answered evasively, saying that if it is necessary, they will buy it.

Reader, I urge you to study the edges of the IT world, at least in general. If you have been using only Microsoft Windows all your life, try Apple OS X, or Linux. If you only use the iPhone, try using the latest version of Android for at least a week. The moment you switch to the side of only one company, closing yourself off from the products of others, at that moment you lose yourself. Yourself, as a person who can decide for himself what he wants, as a person who can choose the most convenient and productive tool for solving a specific problem.

Programmers of only one platform – another headache for me personally, as I believe, for the IT industry as a whole. Developers who make applications with export only to *.doc or only to *.pdf, developers who are tied to only one outdated commercial database (for example, IBM Informix, or God forbid Firebird), only to one type of hardware (all these non-working programs for x86 on Android), of course, I understand that you are “used to”, but guys, it’s time to change.

In my work I often use unpopular, but very convenient tools. One example – it was necessary to reduce the resolution and compress about 100 photos for fast loading over 3G and output to iPad. That day I heard one of the most typical phrases – “We will have to manually convert all the photos in *Photoshop* to the desired format.” It seemed funny to me because I imagined a person who would manually, like a servant of God, redo all these 100 photos in Photoshop, or try to automate through the built-in mechanism. The point here is that the person is so attached to Photoshop that he did not even suspect the existence of a free, open set of tools like ImageMagick. ImageMagick allows you to do a lot of things with vector and raster images, including being ideal for solving a problem with 100 pictures in 5 minutes.

Be a master of everything, study, try, don’t become a slave to a specific corporation.

How We Made Mad Racer

Hello dear reader. In this note I will describe my experience of creating the first game for Android mobile phones. Many people like this story, I think it should be published. This is not a success story, but I think many novice developers will understand where to start and what to do to create a simple game. I will definitely describe my mistakes, and what could have been done better.

Hewl-Tanky

May Jamie Hewlett and Alan Martin forgive me for publishing excellent Tank Girl art without their permission

Sometimes you get into a state where you want to create something so that everyone gasps and says with their mouths open “You’re awesome“. This story happened to me in 2011, when I watched a fragment of the film “Tank Girl” and was inspired by the idea of ​​creating an arcade game in a comic style.
Why Android and not iOS? The reason is simple – I didn’t have a Macintosh or an iPhone, but I had a great desire to support Linux on mobile phones. At that time, I liked the FSF ideology, and Richard Matthew Stallman was my god.


Linux Hackers Song. Before you sing – believe in world peace

At the time of development, the latest version of Android was 2.0, and it was also necessary to leave support for older versions, since there were a lot of 1.6 users. Many phone manufacturers did not even release updates to version 2.0.

I immediately set a time frame for the implementation of this project – one month. During this time, it was necessary to improve my knowledge of Java, study the Android SDK, Eclipse, meet the monster in the face of OpenGL ES and put it on both shoulder blades. On the graphics side, it was necessary to create about six 3D models optimized for mobile phones. It was also necessary to release the project for gold in the Android Market, at that time Google Play was called that)

jpct_logo
jPCT-AE бесплатный 3д движок для Андроида

Since there was little time, it was necessary to choose a ready-made 3D engine. It is possible to create your own engine from scratch, but it is not very productive, since most of the time will be spent on testing and compatibility with all devices. Before the arrival of Unreal Engine, Unity, ThreeJS (HTML5), the leading engine was JPCT-AE. The engine was supplied as a ready-made java library, supported old versions of Android. Also, its creator EgonOlsen promptly deals with support and fixing errors at the request of developers.

antonHooligan

Frames decide everything – hooligan Anton agreed to write music for the game. I have always admired his creativity, his work served as a locomotive driving the entire gameplay, forcing the user to play until the last downed helicopter.

So much stuff, where to start? You need to start with installing the Android SDK. Now it comes with a built-in IDE – Android Studio. But at that time, the IDE and SDK were supplied separately. According to the documentation on the Google website, I installed the Android SDK, Eclipse. The necessary packages for Eclipse were also installed to ensure the assembly and launch of the Android emulator. An hour later, I built a test project jpct-AE:

That was wow! But in the phone emulator everything was very slow. Therefore, it was decided to buy a phone on the Android platform. For these purposes, LG Optimus One P500 was purchased. Since then, I have not used excellent Nokia push-button phones on the Symbian platform) There were problems connecting the phone to Linux, if someone still encounters them, then check the udev settings.


Jobs quotes Pablo Picasso

After watching Alien Runner, I realized that the alien could be replaced with a motorcycle and two punks with a bazooka, the clearing around could be turned into a metropolis, and the fog could be replaced with the night from Iron Maiden’s ballads.

How to make 3D models? It’s very simple, open a lesson on creating low-poly models on YouTube and do it. The whole process consisted of outlining projections in a 3D editor. I found drawings of an Apache helicopter, and made a model of the helicopter. Textures were taken from open sources of the US Army.

McDONNELL_DOUGLAS_AH-64_APACHE

Why do you need a helicopter in a game with two punks and a bazooka? When I played the prototype, I noticed that the player can just stand still and score points. The ideal solution was a helicopter that flies in and throws submarine torpedoes at the player, preventing him from stopping.

In mobile applications and games of that time, the problem of lack of memory was acutely expressed, both on the phone itself and in the RAM. Performance was also a C. One ARM processor with a frequency of 300-500 MHz. As a result of testing on friends’ phones, it turned out that HTC has twice less video memory than LG, 8 MB and 4 MB so-no, because of which the game knocked out memory limits and did not start. All resources were compressed to the point of getting a frame rate of 30 frames per second, and the ability to run on almost everything.


Do not repeat!

In Alien Runner, control was carried out by pressing the screen. This type of control seemed inconvenient to me, so I implemented control using the accelerometer. That is, you turn the phone – the motorcycle turns. I liked it so much that I even added a first-person view, for the bravest.

I needed support from the developer of the jpct-AE engine when I noticed that the shading in the front disappears in the game. This happened after minimizing and maximizing the application. I created a topic on the jpct-AE forum and in two days the problem was solved. I integrated the corrected version of the engine into the game.

There was also the question of how to implement an infinite supply of cars. For a mobile game, it was necessary to come up with a way to ensure that cars were added to the game scene FAST. The option of loading from slow memory or an SD card was immediately rejected. A design pattern called an object pool came to the rescue. When a car went out of sight or was destroyed, it was turned off and at the moment when it was necessary to supply a new car to the beginning of the scene – it was turned on and placed there.

android-market

Well, the day of release has come. The game has been tested, a preliminary demonstration to friends has been held, now it was time to go gold on the Android Market. Registration in the Android Market cost $20, paid. A description, screenshots have been added. And at that moment I realized that I needed to record a video.

How to record a video for a mobile project? Should I really shoot it on a mobile phone and then upload it? The solution was interesting, I used an Android emulator, played a game with a frame rate of two frames per second, recording everything that happened on the screen using a program called something like gtkDesktopRecorder. With the help of VirtualDub, the video speed was increased to 30 frames per second. Then, in the best video editing program – Windows Movie Maker, I added all the game sounds and music.

Now came the moment of mistakes. Nothing was invested in the promotion of the project, no effort, no money. I then thought that the project would pay for itself. The game went gold, I created a topic on the jpct-AE forum about Mad Racer. I got 12 installations for a dollar in two weeks. And I found the game in free access on a bunch of warez sites the very next day.

Singing the FSF song “Share the software” I decided to make a free version, with advertising. The game was transferred to the AdWare category, an advertising banner from the AdMob network appeared at the bottom. Integration with the advertising system went smoothly. In a month, the game was installed on ten thousand devices. I received $50 from the advertising network.

In general, don’t forget about advertising, I think that it should be one of the main items of expenditure for your project.

On the positive side, I want to note that I got a job as an iOS developer in one of the best companies in our city. And of course, invaluable experience.

madracerLogoСсылка на Google Play

If you liked the article, repost it on VKontakte, Facebook)