I maintain a couple of ArchLinux user-contributed packages on the Arch User Repository (AUR), and over time I’ve built out a bit of infrastructure around that to make that maintenance easier (and hopefully the results better). The core of it is automated building of packages in Continuous Integration, which catches a number of issues which otherwise would be more difficult.
The second season of Mr. Robot has just finished last week. While it’s one of the most amazing things I’ve ever seen, it is also held as the TV show with the closest depiction of how computer hacking works for real (see for example Quora or Reddit). Looks like it inspired a lot of people to “try out” the tools the characters use on the show (adding to the popularity of Kali Linux, or the Wickr chat app for example), which does feel like a natural way to relate to your favorite characters, in a geek way.
I couldn’t resist either, and tried to dig a bit deeper, learning some geek (i.e. not professional) lessons about how hacking works, partly from the events in the show directly, partly by following for a few steps what was done in the show, and deconstructing the results. Here’s what I’ve collected so far:
Social engineering is likely a big part, a crucial enabler of most “successful” hacks. The show works with characters so it might be biased towards human actions, but it makes sense that social engineering can open doors where the “bits” are closed. All the show’s main hacks I remember included social engineering (not going to spoil anything here). This also made me a lot more aware in life, for example when talking with my bank online, or trying to get official things done in a way that involves trust. It very much seems to me that social engineering vulnerabilities and “opportunities” really abound, and that makes me a lot more careful. For example, when calling the bank, my verification data is three pieces of information that are available online or relatively easy to get, and when I think of how I’ve seen such situations abused (in fiction, mind you), I get a little jumpy. Not sure what other countries are like, but it feels like there are so many weak points in Taiwan that she is just protected by the language barrier from western hackers/scammers – but sure, that doesn’t deter another hostile nation. So yeah, my lesson is to try to improve on things and be mindful of trust-based situations I encounter, while being more confident to get things done better (in a non-malicious way of course), as confidence is one of the key ingredients of social engineering as well.
Taiwan has a very interesting attitude towards technology (for better or worse), and it is fun to try out anything new that comes up here (for a certain definition of “fun”). When the news hit late last month that the National Immigration Agency opens Internet ID application to foreign residents, I was there to get mine as soon as it was available. The “Internet ID” refers to a “Citizen Digital Certificate”, also called MOICA, a smart card that is supposed to make a lot of services available through a web browser or other government-produced software (e.g. filing taxes online). For Taiwanese citizens MOICA seems to have been available at least since 2003 (according to the news report I’ve managed to dig up), but this is the first time it is available for us foreigners living here.
In this rather graphic post I try to summarize the process of getting a MOICA card as a foreigner in Taiwan, setting it up, and some (opinionated) lessons to learn from it.
The process of getting and setting up the card is outlined in this leaflet that I’ve picked up.
Though – not surprisingly – in practice everything is a lot more complicated than these 8 bullet points.
This week I got a Wio Link prototype from a friend at Seeed Studio. It is a little ESP8266-based Internet of Things board with 6 Grove connectors for easy device connectivity and Wi-Fi networking, controlled over an app and the Internet. For a quick project I wanted to hook it up with Home Assistant, an open source home automation platform that I’ve read a lot about lately. The main focus was to get a first impression of both parts, and build up some experience for future, more serious projects.
The target solution: light up an LED if a particular person is at the home location. Sort of a basic alarm system, though notice that the location of the LED was not mentioned – it can actually be anywhere in the world, as long as there’s Internet connectivity.
Wio Link was introduced in Seeed’s Kickstarter campaign, where they raised more than 8x their original target. It looks like a neat little board, and I was happy to try it out when I got my hands on one.
Their wiki page has quite a bit of information, so it was easy to get started. Connect to power, hold down the configure button till the LED lights up in a “breathing” pattern, connect through their Wio Link app, set up the wireless network settings and so on. Once connected, you can define what kind of devices are attached to the board, and it looks like most Grove devices are represented there. I only had a Grove LED at hand, so I added it (“Generic Digital Output”) and updated it, which created a new firmware and pushed it onto the device.
The first update took a couple of minutes, but it’s pretty straightforward. The device then also has an API link, which brings up a web page with all the options to query, control, and reset the attached accessories (in my case that’s the one digital output).
Recently I’ve been experimenting with the Scratch programming language, created by the Lifelong Kindergarten Group at MIT. It’s a fun environment that uses visual programming: drag and drop blocks of code to control objects on a stage, and the stage itself. It has quite a bit more depth to it than the expression “visual programming language” implies, with its internal messaging system, multitasking, and event-driven approach. While it was originally aimed at creating interactive graphics and animations (see this TEDx talk by Prof. Mitch Resnick on the background), it is now evolving into new territories with the Scratch Experimental Extensions.