All posts by Abhishek Nagekar

Hum Developers Kab Banenge?

I was sitting at my office desk as usual, beside the window, enjoying the cool breeze of a post-6 pm Friday evening on a summer day, 7 floors up in the sky, at our office. We’re now 2 regulars in the office, and while it does get a little boring at times, there are also times when I appreciate the silence, the sound of wind through the little window on my left, the occasional rattling of helicopters passing by. That desk and that window are really interesting, my gateway to a different world where I just sit 15 minutes at a stretch staring at a distant building, the lights on its terrace blinking harmoniously. The occasional helicopter, and the people inside of it. Where must they be heading? Are they appreciating the fact that they’re inside that bird that countless individuals like me adore from the ground? I don’t know.

And just like that, I get to think about my own self. My thoughts four and a half years ago, in the first year of my college. There was so much excitement of getting into computers formally, finally. Now I could actually read interesting stuff off the Internet all day long and call it studying, without raising my mum’s eyebrows. I had a friend with whom I could share my technical side, which wasn’t much then, to be honest. Programming was the new thing and we knew we needed to learn this wizardry. Why and how, we never thought of. There wasn’t a lot of knowledge within, not even speaking of wisdom; startups were unheard of, and life’s goals were defined in terms of what to learn next and ‘let’s see if we can solve this interesting puzzle with code’. It just was this raw energy that we had then, a kind of purity towards learning, the way opposite magnetic poles attract; no stray intentions.

It always brings a smile to my face thinking of those days. That purity towards the thing that you love, not asking why or if it will help me figure things out in the ‘big picture’ or will it look good on my portfolio, just that desire to go do it, to learn that absurd thing that has been obsolete for half a decade; why, because why not. I clearly, very clearly remember the happiness I felt after learning enough C to write basic programs, enough Python to flaunt my first ‘full stack’ web application. I learnt much later what full stack was, and even later that it was a job title. It was nice being able to make those things. We did whatever we thought was cool at that moment, anything that would tickle our curiosity.

In the midst of all of this, there was always a question I remember asking myself and my friend: ‘Hum developers kab banenge?’ (when will we become developers?) All we knew was that a ‘software developer’ gets paid to do the kind of things that we do as hobbies. We had seen in total one software developer by then. He was Asa Dotzler from Mozilla. He was a nice person, but then we saw him as God because he could write code, you know. We kept on asking the question, but then sometime later, we stopped. Life got busy, everyone dashed towards their personal goals, the bigger picture and all that adulthood stuff. Suddenly, all of us were identified as developers, got hired as software engineers and started working for a monthly paycheck.

We were there before we even knew we were, and things aren’t much different on this side of the fence. Only now, you have to work whether or not you feel like working, your hobbies come in secondary to your professional goals and your life starts to revolve around this weird hierarchy of going from bottom of this growth ladder towards the top, occasionally changing the ladder. I guess that was all part of the package that we never bothered to explore properly. Or perhaps all of this is the optional bit that we took because everyone else was taking it, and maybe, with some courage we can get rid of this extra weight slowing us down and be those balls of raw energy that we were in college, being the ‘developers’ that we always wanted to be. I don’t know which one it is, but I guess we’ll eventually find out.

Thank you for reading.

Recommended: Career Advice – Moxie Marlinspike

Home

I’ve not stayed away from home during college to experience the hostel life, so I never learnt what it was like to go back home after a long time, the ‘ghar ja raha hu’ (I’m going home) feeling. What makes one house our home and the other just a place we live in? Why do we get attached to some walls and a roof more than the others that we stay in? What makes some immaterial things more dear to us than others? I was randomly wondering about these little things in the past couple of weeks. Why?

Around 3 months ago, I moved away from home, to this new place. It eased my commute to work. But it was still just a place away from home where I was residing, paying rent in return, not really home. How does one turn such a shelter into something we call home? What makes a home? From my experience so far at this place, the memories are what gives everything a personal touch. Four walls and a roof don’t make a place home. The people visiting you, the moments lived in it, both good and bad, are what creates memories out of nothing. These memories get tied to these four walls. The way data gets tied to a unique entity via a foreign key, our memories get tied to a place, time, to people, to emotions. That’s why college is special. Not for what you gain there, but it is a place for many of our most memorable events.

I had my college friends come over yesterday. There was a lot of chaos as one would expect with a bunch of loud people packed into my little apartment. There were jokes, laughter, swearing, music, planning, silence and lots of other things that we associate with life. Similarly, I have my parents over today. My life becomes very comfortable when Mom and Dad come over as I get good food and snacks right in my hands all day long. Not something I’m very proud of, before you point it out.

Once you have regular visitors to your place, you try to keep it decently clean, organized and keep essential food handy. It isn’t just a place you reside any more, it is your home. You take care of it the same way you care for your real home. You wear a smile when you leave the house, you greet the neighbours and the security guard. Slowly, the brain starts to think of it as that comfy place you go to after a tiring day, home.

I miss my real home, but not as much as I would have if I had not accepted this as my second home. Mom asked me yesterday, ‘What will you do after the contract for this house expires?’, and I didn’t have an answer. Sometimes, things feel so permanent that we don’t think about being without them, and then suddenly, just at the thought of having to let something go, you realize the amount of love you have for it. That finally brings me to this thing of getting attached to non living things. ‘How could you name your things?’ I get asked for personifying my laptop, my car and many other things that are dear to me. I haven’t got the slightest regret for my affection towards these ‘things’, after all, they’ve made me, just like the real people have.

Thank you for reading.

Book Review – Into Thin Air – Jon Krakauer

While I’m not into mountaineering, trekking or hiking in general (obviously), having a cousin who’s deep into climbing and also having stood at the foot of the Himalayas last year and stared high into the sky at Mt. Trishul, a 20,000+ ft peak which was the first ever 7000’er to be ascended by humans, I’ve always had an eye for mountaineering. By that, I don’t mean the actual thing, but that I spend time on the web reading and watching documentaries about mountaineers.

So Abhishek suggested a book to me called Eiger Dreams, but via that I found another book titled Into Thin Air by the same author and gave it a try, partly because I’d watched the documentary about this 1996 Everest disaster on TV, and wanted to see how different reading it is from watching it on TV.

The book is written excellently. On the expedition, the author was a journalist for the ‘Outside’ magazine preparing a story while this mishap unfolded. Naturally, the events are very well documented, from random conversations with people during the journey to his thoughts in a hypoxic state 26,000 ft high (The author does a great job at contrasting his thoughts then versus now which gives the reader an idea about not just the physical exhaustion, but the mental turmoil and hence poor decision making capabilities at high altitudes). At times you feel like you’re travelling alongside Jon, experiencing his highs and lows.

Right from getting an offer to document the Everest base camp, negotiating with the magazine for full summit expedition sponsorship, illustrating the characters involved in the story one by one, camp experiences, going for the summit, facing a storm, going through a very difficult two day phase at camp four before taking the route down the mountain, the casualties and the emotions that the author puts down, you will literally have a hard time putting this book down.

While the story writing is as good as I can imagine, the accounts from the disaster are still covered with controversies. What exactly happened on 10th of May, 1996? Probably no one will ever know for sure, but irrespective of what happened and who was at fault, if anyone, for the loss of eight lives, this book gives you a perspective on how mountaineers think. I constantly felt that their brains are wired differently. They see the risk of life much differently than we non-mountaineers do; perhaps that is why they decide to go up there, where the risk is as real as it can get.

Just after those unfortunate couple of days around 10th and 11th, when the world lost a couple of the best mountaineers in history along with others to the fury of Sagarmatha, more people attempted the summit, in spite of knowing about the deaths that took place about a week ago. Four more people lost their lives that season, and that mountain is as popular as it ever was even today.

https://www.nagekar.com/wp-content/uploads/2020/12/Mount_Everest_as_seen_from_Drukair2_PLW_edit-scaled.jpg

Thank you for reading.

Jagriti Yatra 2017

Jagriti Yatra is a 15-day long, national train journey that will take you 8000 kilometers across the length and breadth of India, to understand and build the India of smaller towns and villages through enterprise. – https://www.jagritiyatra.com/about

Jagriti means awakening, and Yatra means journey. This yatra has been the biggest tangent I’ve been on in my life, the longest I’ve travelled in a train, the longest I’ve been away from a keyboard since mom and dad bought me my first computer back when I was 16, the most diverse group of people I’ve met, the best conversations I’ve had that were not about technology and an event that I will not forget for the rest of my life.

This yatra is described by many as a spiritual experience, a starting place for a lifelong entrepreneurial journey, a place where you get exposed to the problems that exist in the country that you can solve with enterprise, a place to find your co-founders. That was true for many people around me, so it must apply to others as well. For me personally, jagriti yatra was simply a yatra, a journey through some remote parts of the country, getting out of the routine and doing something new, making new friends with no added motivations. That was all I had wished the yatra to be, and it turned out to be mostly true.

I cannot write about the entire Yatra. That would be too long and tedious (and very boring to read). Instead, I’ve chosen a few aspects of the Yatra that I felt were important to write about. These need not be things that I liked or disliked, just things that stayed on the back of my mind.

Train

The train was our home for 15 days. The bogies were divided into various parts; 2 for bathrooms, 4 for male and 4 for female participants, 2 for chair cars where we had group sessions/talks, 2 were for staff and a pantry. Each participant bogie had 9 compartments, each compartment had 7 people forming a cohort. These 7 people were supposed to be from diverse backgrounds except for their vertical of interest (Education, healthcare, agriculture etc). Two such cohorts, one male and one female, formed a group for discussions and presentations.

While theoretically we were supposed to be from diverse backgrounds, 6 out of the 7 members of my cohort were engineers, 3 CS majors, 2 Civil and one mechanical. How’s that for some diversity? Although engineers that we were, we were quite diverse from an individual interest perspective. That made things nice, for there were people who liked to doodle, someone who was into cryptocurrency, someone who worked with startups and mentored them, someone who worked with the government, someone who worked for school children and taught them practical science. From the inside, we were very diverse, with lots of stories that we could tell each other about our own professions and personalities.

The train was entirely branded with Jagriti Yatra posters, but not to the extent that it would grab eye-balls (it was still the same blue express train that you see running on tracks). Most of the time, people would mistake it for a regular train and bang on the locked doors, and the guards would explain to them that this is a special train. Except for the first day, the train reached all our destinations on time, which is a nice feat for the railways, especially considering this to be a special train (read: low priority train).

Not that we didn’t have problems. A spring broke here, a bathroom bogie replacement there, toilets clogging up, no water for entire days and many such problems, but hey, this was part of the experience and most people took it in the spirit of the Yatra. The feeling was that if you cannot adjust to little things like these, then don’t even bother thinking about improving education and healthcare in rural India.

People

Imagine being thrown in a room filled with 500 strangers for 15 days. It is uncomfortable to think, but then imagine that most of those 500 people are there to make new friends, to listen to your stories and share their own. That’s how the Yatra felt. Everyone was unassuming, open minded and honest. It was like everyone was given a mask to start afresh in a virtual society and they made good use of that chance by being all that they had learnt from their 20-25 years of experience dealing with people. It was great to see everyone being nice; honest yet at the same time caring and sensitive.

All of us opened up a lot during these 15 days. My personal goal was to talk to people with whom I don’t share a lot of opinions, and understand the same from their point of view. It was a good exercise, and in spite of all the differences that we had, when it was time for fun, we enjoyed together.

The staff was nice as well. It didn’t feel very commercial, and people seemed to do what they did because they loved it, and not for the paycheck (we were told that a huge chunk of the staff was working for free as volunteers). Even they were open to having random conversations, laughing together and guiding when needed. It all felt like a mobile family for those 15 days.

Food

This was a surprise. Although the food was cooked in the train’s pantry, it was really very good. The food was served in nice white dishes, bowls with steel spoons. The food came in abundance, and honestly, I didn’t spend a single rupee on food for the entire 15 days on the train (except for when we wanted to try some local food out of enthusiasm), and all of the very little expenditure that happened was on the gifts that I bought for family.

To give you an idea about how much food and how many times it was served, here’s a quick timeline.

  • Just after the wakeup call, around 6:30-7:30, tea/coffee would come
  • After some time, around 8:00-9:00 breakfast would be served, either on train or on the platform. Breakfast would include bread, butter, jam, namkeens and a unique dish everyday like upma, sheera, poha, uttappa, idli etc, tea and coffee.
  • Lunch time was around 13:00-14:00, either at the role model place (the place that we were visiting on that particular day) or on the train, and it used to be a proper meal with roti/puri, bhaji, salad, rice, dal/kadhi, pickle, papad, a sweet dish etc.
  • Snacks used to be served anytime between 16:30-19:00, and typically included things like chivda, namkeens, gathiyas, kachoris, samosa and tea/coffee.
  • Dinner time used to be around 21:00-23:00, and it used to be similar to the lunch.
  • haldi milk used to be served after dinner, post 23:00, and it used to come along with warm water (almost all of us were suffering from cold and cough).

I honestly believe this was the best food I’ll ever have on an Indian express train. It was tasty, served warm and had dry fruits in it. Damn.

Formal Activities – BGT & Role Model Presentation

It wasn’t just a joy ride around the country (although I would’ve liked it even then). Right from day 1, we were made to think towards establishing a virtual enterprise in the rural India that would solve a problem in the domain of our choosing. This was the BGT (Biz Gyaan Tree) exercise. Although it didn’t help us form a nice startup or establish an idea that would win the first prize, it did help the team to come close, become good friends and have some great moments amongst ourselves.

The second was a role model presentation (role model is the name of the person/organization at the location we visit; for example, in Delhi we visited Goonj (Goonj.org). So Goonj was the role model in Delhi). We had to present about the role model that we were assigned in a creative way. That involved some team work, creative thinking, drawing and painting on the chart papers and some public speaking. Like BGT, we didn’t do it to win, but used it as an opportunity to spend more time with group members.

At the time, one wishes all of this was optional, but then one must remember that the premise of this yatra was building India through enterprise. So that was that, and in hindsight, it was all fun.

Locations and Role Models

The role models visits were the essence of the Yatra. Remove that and the yatra is literally just a group tour around the country. Role models were either people or organizations who did something substantial in the social sector, provided employment, did charity or anything that helps build the nation. Here’s a list of locations and their corresponding role models for this year.

  • Mumbai [Maharashtra] – Dabbawala
  • Kanyakumari [Tamil Nadu] – Vivekanand Memorial
  • Madurai [Tamil Nadu] – Arvind Eye Care Hospital
  • Bangalore [Karnataka] – IISc and Jagriti Enterprise Mela
  • Sri City [Andhra Pradesh] – Industrial zone
  • Vizag [Andhra Pradesh] – Akshaypatra Foundation
  • Ganjam [Orissa] – Gram Vikas
  • Nalanda [Bihar] – Nalanda University
  • Deoria [Uttar Pradesh] – Biz Gyaan Tree exercise
  • Delhi [Delhi] – Rashtrapati Bhavan and Goonj
  • Tilonia [Rajasthan] – Barefoot College
  • Ahmedabad [Gujarat] – Sabarmati Ashram

Pretty interesting list, right? Now that I get to reflect upon it, it was a long journey, but on the train it felt like a few days. The joy was similar to that of going back to school.

To be honest, I was excited for only a couple of those as I didn’t even know what most of the organizations did or where they were located geographically. But once you visit them, they get imprinted on the back of your minds. And all of them had a unique way of working and sustaining which was worth noting. The common denominator was that they weren’t profit first organizations, rather they were all people first. I believe that was the reason that they were on this list. They weren’t all NGOs. The change makers are bringing a change whilst generating good revenue, which is encouraging.

Personal Learnings

And finally we’re down to what really matters: What did I learn from the Yatra.

On the first day at Mumbai, I was really surprised to find so many nice people around. I became friends with around 15 odd people even before getting on the train. None of them were from my cohort. When I met the people of my cohort, I was a little dejected. They weren’t like the people I’d met the entire day. They were silent, spoke little and the atmosphere wasn’t exactly friendly. The facilitator sounded like a serious person. I tried to keep an open mind and reminded myself that this is the kind of adjusting exercise that I was looking forward to. Like it or hate it, this was my everything for the next 15 days.

I won’t get into what happened in between, but by the latter half of the journey, that cohort turned out to be very nice, very different from what I’d envisioned on the first day; honest, caring and friendly. Each one of them had a story, they had something that made them tick, they had dreams and they were in many ways just like me. I remember the last day on the train, I was happy that I was returning to my comfy home, but in many ways I was sad to let these people go. The kind of bonding you develop when you’re ‘struggling’ together is very different from the other kinds of bonding. I learned that if you try and keep an open mind, you can adjust with just about everyone and understand them. That people are very different from what they appear on the surface and you can never tell a book by its cover.

Another key learning has been that you cannot solve a problem without knowing the problem itself. It seems obvious when I put it up that way, but how many of us just get our daily ‘national problem report’ from the mainstream news and think about the things that need to be done to solve those problems and wonder why no one is doing it? Almost all of us. But the problems don’t become clear until one moves to their origin. I heard and spoke to numerous people who left their comfortable city life at the peak of their careers and settled in villages. These people asked the villagers what their problems were and what the solution to those problems were. Often, the person facing the problem knows the solution to it as well, but isn’t in a position to implement it.

I learned that it is very easy to sit in a restaurant and talk about the magic bullet that will solve the problem of education in the country for 20 minutes and feel good about being an up-to-date citizen, but the people who’re actually trying to improve it never really stop thinking about it. It becomes their life, and it is a really unglamorous job, not something you do and land on the cover of TIME. We tend to get bored by a job in a couple of months and question ourselves, ‘Am I making a difference?’ while these people have been working on the same thing for the past four to five decades. The dedication is real, and I learned what the word passion towards your profession meant from these people.

That illiteracy doesn’t mean lack of knowledge and wisdom. I’ve heard it enough times during the yatra from numerous influential people that I’ll have to believe it. Oftentimes, educated people are sent to villages to solve the problems there, only to end up not understanding the problem or implementing a wrong solution. Classic case of what happens with many government policies. This happens because we’re not used to listening to people who’re less educated than us. We try to give them our solution for their own problem. As Anshu Gupta, founder of Goonj.org, exclaimed, kya aukaad hai tumhari? (roughly: who do you think you are?)

In closing

I think the yatra is a wonderful experience. I didn’t plan to learn a lot there, just make friends and have a good time, but I did learn. I learned what cannot be taught in textbooks and communicated via blog posts. And you can have equivalent experience if you go travel places, talk to villagers and spark a conversation with random people on the bus, but if that doesn’t sound like your strongest game, give this Yatra a try!

ELI5 – DES (kinda)

In my previous post, which was a review of the books Applied Cryptography and Cryptography Engineering, I wrote that DES, in spite of retiring officially (after numerous successful attacks), is still a great algorithm from an academic perspective to learn and peek into the minds of cryptographers. In this one, I’ll try to explain DES in my own words, testing my own understanding and giving you a (hopefully) nice read from a novice perspective. So let’s get started with DES, a cipher that was once the standard for government data encryption for the US and many others around the globe, now defunct and only existing, if at all, in the form of 3DES.

Before we begin, let us understand where we are (with DES) in the cryptoverse and then talk about DES itself. In cryptography, encryption of data can happen in two ways. There’s symmetric cryptography, and there’s asymmetric cryptography. In symmetric key cryptography, we have block ciphers and stream ciphers. DES is a block cipher.

A Brief History

DES, for Data Encryption Standard, is a symmetric key encryption algorithm proposed by IBM, with input from the NSA, in 1974, and adopted as a US federal standard in 1977. Not many details about the development process were shared with the world. It has been studied by numerous experts and counts as one of the most studied ciphers of all time. DES was designed to keep government secrets, secrets.

The 56 bit key size didn’t impress anyone back in the day, much less today. In spite of the small key size, there weren’t any attacks faster than brute force, either theoretical or practical, until the late 80s, when Eli Biham and Adi Shamir discovered a new kind of attack on block ciphers called differential cryptanalysis. The world then learnt that IBM and the NSA had known about this attack since at least 1974, and that the algorithm (its S-boxes in particular) had been designed specifically to resist it.

In the late 90s DES was practically cracked in a public contest, by brute-forcing the 56 bit key, and then many times after that. The main weakness in DES was the small key size, and to patch it, 3DES was proposed, which is still used today, although no longer recommended. But from an academic point of view, DES is a gold mine. It is easy to understand, lets us dive deep into the way cryptographers think and learn why certain decisions were made, and most importantly, why the math just works!

DES algorithm from 10,000ft

Okay, let’s start with a super complex diagram that you probably won’t understand without 4 years of formal training in mathematics. Just kidding.


And for the sake of my love for bullet points,

  • DES is a Feistel cipher, a family of ciphers which are iterative in nature (they repeat a simple set of instructions several times; each repetition is called a ‘round’) and share many similar properties.
  • DES has a block size of 64 bits, that is, 64 bits of plaintext is converted into 64 bits of ciphertext in one go.
  • The algorithm makes use of a 64 bit key, 56 bits of which are used by the algorithm and 8 for parity checking. The effective key length is therefore 56 bits.
  • DES has 16 rounds.
  • The encryption and decryption functions are almost identical (decryption runs the very same rounds with the round keys in reverse order), which is a great advantage, as implementation and audit have to be done for a single function only, simplifying things.

So how does the algorithm work? Like any other algorithm, you can put it down as a list of easy to understand steps.



https://en.wikipedia.org/wiki/File:DES-main-network.png

  1. Take as input a plaintext block of 64 bits and the key K.
  2. Apply the Initial Permutation (IP) to the plaintext block (this shuffles the bits in a predefined manner).
  3. Split the result into a left half and a right half (L0 and R0), two equal halves of 32 bits, no tricks.
  4. Apply the magic function F (not really magic) to the right half R0 (32 bits in, 32 bits out).
  5. F takes R0 and K1 as input, where R0 is the right half (32 bits) entering round 1 and K1 is the round key for round 1. This is the step where the key material mixes with the plaintext.
  6. XOR the output of F (32 bits) with L0 (which is already 32 bits); this is the new R1 (L0 ⊕ F(R0, K1) => R1). R0 is simply copied to L1.
  7. Thus we’ve essentially swapped L0 and R0, with some pre-processing on R0. This completes round 1. Repeat 4-5-6 sixteen times, using round key Ki in round i, and you’ve done 16 rounds of DES. One detail that is easy to miss: after the 16th round the halves are not swapped (the block going into the final permutation is R16 L16, not L16 R16). That is exactly what makes decryption the same procedure with the round keys taken in the order K16 … K1.
  8. Apply the inverse Initial Permutation (a.k.a. Final Permutation or IP-1) and you have your ciphertext. Tadaa!

Yes, I know, that was a mouthful, wasn’t it? This slide [link here] shows the round key Ki in action. Now that we have a basic flow, we can take on each of the components and talk about them in detail, in a proper top down approach.
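The eight steps above as a runnable Feistel skeleton, as an added example (not code from the post). It uses the IP table given later on this page and computes FP as its inverse, but plugs in a toy, hypothetical round function (`toy_f`) and constructed 32-bit round keys in place of DES’s real F and key schedule; the names `permute`, `feistel_rounds`, `encrypt`, `decrypt` and `SAMPLE_ROUND_KEYS` are mine. What it demonstrates is the structural claim from the bullet list: decryption is the same code with the round keys reversed, and that holds even though the round function is not invertible.

```python
# Feistel skeleton of DES: IP, 16 rounds, undo the last swap, FP.
# Added example, not code from the post. The round function is a deliberately
# simple TOY (an assumption for illustration), not DES's real F, and the round
# keys are constructed 32-bit values, not the output of a DES key schedule.

MASK32 = 0xFFFFFFFF

# Initial Permutation table from the text: output bit i (1-indexed, MSB first)
# is taken from input bit IP[i-1].
IP = [58, 50, 42, 34, 26, 18, 10, 2,
      60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6,
      64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1,
      59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5,
      63, 55, 47, 39, 31, 23, 15, 7]


def inverse_table(table):
    """Invert a permutation table; for IP this yields the Final Permutation."""
    inv = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inv[in_pos - 1] = out_pos
    return inv


FP = inverse_table(IP)  # first row is 40 8 48 16 56 24 64 32, the standard FP


def permute(value, table, width):
    """Apply a DES-style bit permutation to an int of `width` bits.

    DES numbers bits from 1 at the most significant end, so input bit p is
    (value >> (width - p)) & 1; the output is assembled MSB first.
    """
    out = 0
    for in_pos in table:
        out = (out << 1) | ((value >> (width - in_pos)) & 1)
    return out


def toy_f(right, round_key):
    """Stand-in for DES's F (hypothetical; real DES uses E, S-boxes and P).

    It is deliberately NOT invertible: x*x mod 2^32 sends x and 2^32-x to the
    same value. The Feistel network still decrypts, because decryption
    re-computes F on the same input instead of inverting it.
    """
    x = (right ^ round_key) & MASK32
    y = (x * x + 0x9E3779B1) & MASK32
    return ((y << 7) | (y >> 25)) & MASK32


def feistel_rounds(block, round_keys, f):
    """Run one Feistel round per key on a 64-bit int.

    Each round: L_i = R_{i-1}; R_i = L_{i-1} XOR f(R_{i-1}, K_i).
    DES does not swap after the last round, so the pre-output block is
    R16 || L16; undoing that last swap is what makes decryption identical to
    encryption with the key order reversed.
    """
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        left, right = right, left ^ f(right, k)
    return (right << 32) | left


def encrypt(block, round_keys, f=toy_f):
    """IP -> rounds -> FP, the outer structure of DES."""
    return permute(feistel_rounds(permute(block, IP, 64), round_keys, f), FP, 64)


def decrypt(block, round_keys, f=toy_f):
    """Same code path as encrypt; only the round-key order changes."""
    return encrypt(block, list(reversed(round_keys)), f)


# Constructed 32-bit round keys for the toy F (DES's real round keys are 48 bits).
SAMPLE_ROUND_KEYS = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]

if __name__ == "__main__":
    plaintext = 0x0123456789ABCDEF
    ct = encrypt(plaintext, SAMPLE_ROUND_KEYS)
    print(f"ciphertext: {ct:016x}")
    print(f"round trip: {decrypt(ct, SAMPLE_ROUND_KEYS) == plaintext}")
```

The one DES detail that is easy to get wrong is the missing swap after round 16: if `feistel_rounds` returned `(left << 32) | right` instead, decryption with the reversed keys would start from the wrong half and the round trip would no longer work. Applying IP to the block 0123456789ABCDEF gives CC00CCFF F0AAF0AA, the L0 and R0 of the classic DES walkthroughs, which is a quick check that the permutation convention (bit 1 is the MSB) is right.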

Little aside on confusion and diffusion

Confusion and diffusion are exactly what they mean in plain English: they are properties the ciphertext should have. They are crucial for the overall security of DES, and of any block cipher.

Confusion means having a non-linear, complex relationship between the key and the ciphertext. In simple words, each bit of the ciphertext should depend on as many bits of the key as possible, in a way that is hard to untangle, so that even in a chosen-ciphertext scenario, with a practically infinite supply of plaintext-ciphertext pairs, not much can be learned about the key.

Diffusion means that any change in the plaintext should cause an avalanche/snowball effect and change around half of the bits in the ciphertext, and vice versa. In DES, confusion comes mostly from the S-boxes, and diffusion from the expansion and permutation steps that spread each S-box output over several S-boxes in the next round.

We will talk more about how DES achieves both of these properties when we talk about the F function in detail.

DES algorithm: Major parts



Please take a moment to appreciate the effort I’ve put into the diagram. Error: The K(i) should be K(i+1)

We have here the following major components to talk about.

  • Initial permutation, final permutation
  • Round key generator
  • The round function F

Initial & Final Permutation (IP & FP)

The IP accepts the plaintext and the FP returns the ciphertext generated by the algorithm. Decryption uses the very same sequence: the ciphertext goes through IP, then the 16 rounds with the round keys in reverse order, then FP; since FP is the exact inverse of IP, the two cancel out around the rounds, and this symmetry is one of the properties of a Feistel cipher. From a functionality perspective, IP shuffles the 64 bit input block according to a predefined vector, given below.

IP
58    50   42    34    26   18    10    2
60    52   44    36    28   20    12    4
62    54   46    38    30   22    14    6
64    56   48    40    32   24    16    8
57    49   41    33    25   17     9    1
59    51   43    35    27   19    11    3
61    53   45    37    29   21    13    5
63    55   47    39    31   23    15    7

The above text is a linear list, or a vector, and not a matrix; it is printed eight to a row only for readability. What it says is “take the 58th bit of the input and make it output bit 1”, “take the 50th bit and make it output bit 2” and so on. It is a fixed, key-independent transposition of bit positions (a permutation, not a substitution of values), and FP is simply the same table inverted. So how does it, one might ask, add security if the table is public and it is a simple shuffle? Well, it does not. To quote Wikipedia,

IP and FP have no cryptographic significance, but were included in order to facilitate loading blocks in and out of mid-1970s 8-bit based hardware.

Round Key generator



https://www.nagekar.com/wp-content/uploads/2020/12/key_generation.jpg

The round key generator function generates a key for each of the 16 rounds of DES. There are a couple of steps involved, as illustrated in the above visual.

  1. Permuted choice 1 (parity drop) – Get the permuted 56 bit key from the input 64 bit key by dropping the parity bits (bits 8, 16, …, 64; notice that none of them appear in the table). The permutation is done according to the predefined vector PC-1 shown below.
    PC-1
    57   49    41   33    25    17    9
     1   58    50   42    34    26   18
    10    2    59   51    43    35   27
    19   11     3   60    52    44   36
    63   55    47   39    31    23   15
     7   62    54   46    38    30   22
    14    6    61   53    45    37   29
    21   13     5   28    20    12    4
  2. Split the 56 bit key into two 28 bit halves, C and D, and rotate each half left (a circular shift: the bits falling off the left come back in on the right) either by one bit (for rounds 1, 2, 9 and 16) or by two bits (for every other round). The rotations accumulate: round i rotates the halves left over from round i-1, not the original halves. The sixteen shift amounts add up to 28, so after round 16 both halves are back where they started.
  3. Concatenate the two rotated halves and apply the second permutation table, PC-2, to the 56 bit result.
    PC-2
     14    17   11    24     1    5
      3    28   15     6    21   10
     23    19   12     4    26    8
     16     7   27    20    13    2
     41    52   31    37    47   55
     30    40   51    45    33   48
     44    49   39    56    34   53
     46    42   50    36    29   32
  4. Permuted choice 2 (compression P-box) – Takes the 56 bit concatenation and returns a 48 bit round key Ki after dropping another 8 bits.
  5. The 48 bit round key is then used by our magic function F (remember that?) to mix the key into the data by XORing with this 48 bit key. (Wait, but our right half Ri is 32 bits, right? Yes, we’ll get to how the input is expanded to 48 bits in the next section.)

Round Function

We’re finally into the meat of this beautiful algorithm. I’ve briefly mentioned what the round function consists of. To reiterate,

  • Split the input into a left half and a right half (Li and Ri), two equal halves of 32 bits, no tricks.
  • Apply the magic function F to the right half Ri-1 together with Ki (F takes 32 bits of input and gives 32 bits of output), where Ri-1 is the right half entering round i and Ki is the ith round key. This is where the key material mixes with the plaintext.
  • XOR the output of F (32 bits) with Li-1 (which is already 32 bits); this is the new Ri (that is, Li-1 ⊕ F(Ri-1, Ki) => Ri). The unaltered Ri-1 is simply copied to Li.

What we haven’t talked about is the magic function F itself. The magic function F isn’t really magical. It just does 4 neat sub-operations, and does them really well.

https://www.nagekar.com/wp-content/uploads/2020/12/Data_Encription_Standard_Flow_Diagram.svg

  1. Expansion function E
  2. XOR with round key
  3. S box substitution
  4. Permutation

Let’s look at them one by one and try to see where exactly they fit in and what cryptographic property they give to our ciphertext.

Expansion function

E BIT-SELECTION TABLE
32     1    2     3     4    5
 4     5    6     7     8    9
 8     9   10    11    12   13
12    13   14    15    16   17
16    17   18    19    20   21
20    21   22    23    24   25
24    25   26    27    28   29
28    29   30    31    32    1

As the name might have hinted, the expansion function expands our input. Expansion gives us diffusion: it spreads the effect of a change in one input bit across the block. Remember how the 32 bit Ri part of the 64 bit input is sent to the F function? The E function takes those 32 bits of input and expands them to 48 bits. How does it do that? By repetition, of course. So it basically takes an input like 1 2 3 4 5 6 7 8 and outputs something like 1 2 2 3 4 4 5 6 6 7 8 8, effectively increasing the size by 50% (32 => 48).

XOR with round key

XOR is a simple mathematical operation that has a very important property from a cryptographic standpoint. If you XOR a number A with B, you get a new number C. To get A from C, you need B. To get B from C, you need A. Basically, A ⊕ B ⊕ B = A, and A ⊕ B ⊕ A = B. XORing plaintext and key locks them in an interdependent mixture such that to get back the plaintext, you have to have the key with which it was XORed (locked).

S-box substitution

In some ways, this is the heart of the algorithm. S-box substitution gives us confusion. There are eight S-boxes in total, each taking 6 input bits and giving 4 output bits. The S-boxes are what give DES its resistance to differential cryptanalysis, which I mentioned at the beginning of this article. Here’s S-box number 1.

      0  1   2  3   4  5   6  7   8  9  10 11  12 13  14 15
-------------------------------------------------------------
  0 | 14  4  13  1   2 15  11  8   3 10   6 12   5  9   0  7
  1 |  0 15   7  4  14  2  13  1  10  6  12 11   9  5   3  8
  2 |  4  1  14  8  13  6   2 11  15 12   9  7   3 10   5  0
  3 | 15 12   8  2   4  9   1  7   5 11   3 14  10  0   6 13

Here’s how it works. After the XOR operation, we are left with a cryptic looking 48 bit string, say

110101101100101111111100110111101100111010101001

Now we take this 48 bit string and divide it into 8 equal parts of 6 bits each, and input one of the 8 parts into each S box.

SB1(110101) SB2(101100) SB3(101111) SB4(111100) SB5(110111) SB6(101100) SB7(111010) SB8(101001)

Now, our S-box 1 receives 110101.

We take the first and last bit (1 and 1 in this case), concatenate them to form a two bit number (1 . 1 => Binary(11)), which is 3, and look it up in the row labels of our S-box 1.

Similarly, we take the middle 4 bits (bits 2 to 5), which in our case are 1, 0, 1 and 0, concatenate them to form a 4 bit number (1 . 0 . 1 . 0 => Binary(1010)), which is 10, and look up the corresponding column label in our S-box 1.

The number at row 3 and column 10 is 3, which is 0011 in 4 bit binary representation. That is the output of S-box 1 for input 110101. The same is done for S-boxes 2 to 8, in each of the 16 rounds of DES. The results of the 8 S-boxes (4 bits each) are combined to get a 32 bit output.

Permutation

The final step of our magic function F is a simple one-to-one permutation, taking 32 bits and returning 32 bits.

16   7   20  21
29   12  28  17
 1   15  23  26
 5   18  31  10
 2    8  24  14
32   27   3   9
19   13  30   6
22   11   4  25

Catch your breath

I’m really too proud of this picture. Edit: Not so much after finding that K(i) => K(i+1) error.

Wake up! Do you even remember that all this was done on Ri?

Now, after the F function, which wasn’t very magical after all, returns its 32 bit output, we XOR it with Li, which gives us our new Ri+1, while the untouched Ri is simply copied into Li+1’s place. Thus begins a new round of DES, which goes on this way for 15 more rounds.

After 16 rounds

Not much is left to be done after the 16 rounds. The two halves are concatenated, the 64 bit block is then passed through our final permutation using the FP vector given below, and this gives us our ciphertext. Easy.

40     8   48    16    56   24    64   32
39     7   47    15    55   23    63   31
38     6   46    14    54   22    62   30
37     5   45    13    53   21    61   29
36     4   44    12    52   20    60   28
35     3   43    11    51   19    59   27
34     2   42    10    50   18    58   26
33     1   41     9    49   17    57   25 

Wrapping DES Up

So that was DES. I hope you enjoyed reading this article. I’m expecting some mistakes, technical and otherwise, so take everything with a pinch of salt. Some interesting reads are given below for those of you who wish to learn more. I realized that writing this article was a nice way of testing my own understanding of the topic, finding holes in it and then studying to fix those holes. As always, thank you for reading!

Further Reading

Book Review – Applied Cryptography Part I And II – Bruce Schneier

This book has been, without a doubt, crucial in aiding my understanding of cryptosystems, why things are the way they are, and how these cryptic crypto algorithms even work. If you are interested in learning how to develop software that is ‘correct’ and secure, then this is a great book for understanding the primitives of information security, what algorithms already exist and which ones to use in which scenario.

So the motivation to pursue a thorough understanding of cryptography and to gain the ability and knowledge required to make a secure cryptosystem came sometime after college ended, when Kunal and I were working on a terminal chat application that would support end-to-end encryption. At that time, I hardly knew what I had gotten myself into (which is similar to a lot of things in my life), as the application development part seemed very simple. We got done with the application part, terminal app and the backend, and then came the encryption part, and that is when the knowledge about existing techniques and understanding of basic crypto primitives fell short. And that is when I started reading about cryptography and stumbled upon this book.

Although they seemed daunting at first, both the books are very accommodating for a wide range of readers, right from someone like me who barely knew what a block cipher is, to the more experienced folks who might understand all of the mathematics given in the book in the first go. While not very complex (school grade algebra with addition, multiplication, modulus and xor operations), it takes a little effort (read: re-reading a topic 3 times, sometimes more) to actually get what’s happening, why an operation is being performed, for example.

While reading the first book, remember that it was written when I was literally a year old, in 1996. Hence, although the engineering principles and general recommendations are still valid, you need to keep in mind that the algorithms recommended in that book are not valid (as attacks have been found for many of them and DES has officially been retired), and that is corrected in the second edition of the book. In any case, studying the DES algorithm in detail should be a delight for any crypto nerd, regardless of its practical value.

The second version is more up to date, and for some reason I was more comfortable reading it than the first one. It might be because I knew a little more while reading the second edition, which can be a good tip: If you’re serious about understanding cryptography from an engineering standpoint, skim over the first book and make a note of everything that you find useful and interesting, and do a more detailed study of the second edition of the book.

What I found nice about the books is, they really are ‘applied’ books. It isn’t all mathematics and algorithms, but the actual merger of these algorithms into real world systems. In the real world, cryptography and cryptosystems don’t exist in isolation, but play a small role in the larger scheme of things. Breaking a cryptosystem is usually reserved for the more resourceful adversary, and while these (well established and peer reviewed) cryptographic primitives rarely fail, when they do, it is catastrophic. The computational infeasibility makes the theoretical aspect of cryptography very secure. Problems appear when they are implemented, and that is where the bugs start to show up. Then there is the software development methodology which usually prioritises deadlines and features above security. There is a section dedicated to explaining what ‘trust’ is, how it forms such an important aspect of information security and secure software development. Overall, the book is quite interesting to read, and the content is without a doubt top quality, which is what one expects from Schneier.

In closing, I’d recommend this book if you are into security and wouldn’t mind knowing the details of some of the fundamental algorithms that make the digital revolution possible. Thank you for reading.

Book Review – Responsive Web Design By Ethan Marcotte

It has been a while since my last book review post here. Not that I stopped reading, but I kinda stopped reading non-tech things lately, and hence, there were no new posts. But today, it hit me that I can (and should, given this is a personal diary) write about pretty much anything that I read and find interesting. So here it is, a book by Ethan Marcotte, which I first read about a year and a half ago and then re-read about a month ago. Responsive web design wasn’t (and still isn’t) my piece of cake. Heck, web design was something totally alien to me in the first place.

The happy realization that being able to set up websites (read: wordpress/joomla blogs on a nix server) doesn’t make one a web developer, much less a designer, came about two years ago, when Dhananjay, a college senior of mine, was contacted by one of his contacts who was looking for a frontend developer. The task was supposed to take a couple of hours at max. Knowing that I did things around the web, Dhananjay outsourced that opportunity to me.

That was one incident that still gives me chills, and I wrote a bit on that earlier. Not only because I realized how horrible I was with frontend and design, but also because I didn’t have the slightest clue about deadlines, how to and how much to work, and how to deal with things that are out of my control. It was a design heavy page, and I had a depth-first approach to dealing with things. A few pieces took up 80% of my 5 days of work (easily over 70 hours), and the end result was nothing short of a design disaster. That one incident has taught me a lot, especially about how real work happens.

I guess it was then that I read Ethan’s book for the first time. I believe it wasn’t as much for learning as it was to put some Burnol on my bruised ego. But nevertheless, even then the book gave me many insights into what web design actually is, and why it isn’t very different from what I had been doing all along; it just requires thinking in a different mindset.

Fast forward to June this year, I interviewed at a couple of places for the role of a web developer. I was expecting a role on the backend, maybe a nodejs or python based job, but instead, I got a job as a ReactJS engineer. Yeah, a frontend engineer. As difficult as it was for me to digest it, I had to accept the fact that I will be dealing with a lot of CSS now. I had to up my design game, or it was game over, and I seriously didn’t want to screw up as badly as I did two years ago. My friend Kunal was kind enough to lend me his Head First HTML & CSS book which I am currently reading. But apart from the raw knowledge, it was the mindset that I required immediately, the mindset of a frontend developer, and for that, I picked up Responsive Web Design once again.

Shall we start with the review, Plis?

Sure. The author starts by talking about architecture, responsive architecture in particular, about artists and their canvases. Responsive architecture is all around us, from window panes that allow variable amounts of light depending upon the time of the day, to modern home equipment. The author then talks about the usual restrictions in print media, and how web designers are fighting hard to recreate those restrictions on our browsers. We do not have to do that. The canvas of a web designer is inherently responsive. It isn’t a flaw, it is a freedom.

The author makes sure that reading this book won’t feel like the usual wall-of-text-hitting-your-face-with-technical-jargon experience. The book feels like a spiritual exercise, as if web design is an art waiting to be discovered by an engineer who always saw it as a soul-dead practice of giving random attributes to random elements and praying to the Gods of DOM that it looks just decent enough to pass the QA. I was really immersed in the book as I was reading it, hoping that it would last forever, which it obviously didn’t. The book is not long, and is divided into three sections: The responsive grid, Responsive images and Media queries. After reading this book, you’ll look at hardcoded ‘px’ values as if they were taboo in your (code) culture. The author shows how simple calculations can turn all the zombie pixel measurements into the more lively ‘em’s and ‘rem’s, which are, of course, responsive.

A good article that the author strongly recommends is a blog post that was written some 17 years ago from now, but still is as relevant today as it was then. The post is called A Dao of Web Design, and it falls into the must-reads category for me. To give you a taste of the article, read the following quote.

The control which designers know in the print medium, and often desire in the web medium, is simply a function of the limitation of the printed page. We should embrace the fact that the web doesn’t have the same constraints, and design for this flexibility. But first, we must “accept the ebb and flow of things.“

Beautiful, isn’t it? Suddenly, web design isn’t something that you do when you’ve done everything you could do to avoid it in the first place. True, writing CSS by hand is time consuming, working with and supporting multiple browsers and display sizes is stressful to say the least, and most of the time, you’re better off using a ready-made solution like Bootstrap or Semantic, but once in a while, it is good to think about the web as your canvas and think of yourself as an artist trying to fill beautiful colors into the canvas. Now whenever I think about the different ways in which my web application is supposed to look on different screens, I remind myself that it isn’t a ‘restriction’ that the app needs to look that way on that screen. Rather, it is a freedom that the app can look the way it needs to look in order to be the most comfortable version of itself for that particular reader. Ever seen a person struggling to fold a newspaper at a busy bus stop, or a cautious woman carrying a large piece of art in her arms, making sure she doesn’t bend it? Yes, that is exactly what a restriction, a limitation looks like. Thankfully, our dearest web doesn’t have that one. Thank you for reading.

Tinkering With OBD-II Port

I’ve been seeing people hook up their computers to their cars for quite some time. It is a common sight if you watch any motorsport event on television, where technicians are seen working on their laptops that are connected via a cable to the car or bike. I found it quite fascinating. “What interesting tweaks must they be making to that machine with that computer!” I thought. The idea of tweaking a machine to improve its characteristics wasn’t new to me. Overclocking is nothing new. But obviously, since I saw all those professionals do it, I assumed there was no way for such an interface to exist on our everyday road vehicles.

And I was wrong. I discovered that, by law, it was necessary for all cars to have a diagnostics port, called the On-Board Diagnostics port. The latest revision for that port is v2 or OBD-II, and all cars manufactured after 1996 should have one. Also, sometimes, the automotive YouTubers I followed showed various stats on the screens, such as the engine rpm, throttle position, boost pressure etc. So that implied there exists a way to extract those stats out of the vehicle’s ECU. Interesting. A quick Google search for “obd scanners” revealed that they’re not very expensive either (with cheap clones available for as low as INR 300, USD 5 or even lower). After researching a bit, I learned that there was loads of data that came out of that little adapter, and that great Android applications (like Torque and DashCommand) exist which spit out the data into beautiful dials and graphs (like the ones on the Nissan GTR ♥). I was awestruck. What more can a nerd ask for!

All this happened a couple of months ago. I knew I needed to get one of those. I waited a couple of months and finally ordered it earlier this month. The first challenge was to find the OBD port. Unlike some other cars, Zacky’s OBD port was hidden behind the fuse box cover, so the adapter had to go inside there. I managed to access the port without opening the fuse box and problem solved! Plugged in the adapter, paired it with my phone and it started sending data. That was one of the best feelings ever!

Some of the data it sent that I found particularly interesting to read was

  1. Boost pressure from the turbocharger
  2. Engine RPM
  3. Coolant temperature
  4. Engine load
  5. Error codes and provision to reset them
  6. Horse power, torque, acceleration and other such “calculated” data by combining sensor data with phone’s sensors like GPS and accelerometer and known parameters (like vehicle weight, engine displacement etc)
  7. and loads of other cool stuff

Note that the available sensor list varies from manufacturer to manufacturer, so keep that in mind. But even with the most basic, the experience is fun. It’s like opening task manager on your computer for the first time. Wow, so I can actually run this h4ck3r stuff, right?

Interesting Learnings

– Negative boost pressure: When you start the car and drive it normally, you’ll notice that the boost pressure gauge reads negative (technically, not pressure but vacuum). Only when driving hard (shifting late, for example), will you notice the boost pressure rising. I thought it was some erroneous data from the sensor so I read up a bit. Turns out, at high rpm, the turbo forces the air fuel mixture into the cylinders. But what happens when the turbo is running too slow to compress air? The engine simply works as a naturally aspirated one and sucks in air during the intake stroke. THAT sucking part explains the vacuum. Cool!

– Driving modes: So Zacky featured this thing called driving modes. Putting her on “Sports” made the throttle more responsive but reduced fuel economy while putting her in “Eco” did the exact opposite. Now I could’ve told you that this isn’t just marketing and if you test it out, you can even feel a noticeable difference, but that was all I knew. Now, after driving for a while with the boost pressure gauge in front, I made this little observation. When in normal drive mode, the turbo does not spool over 4-6psi boost. But as soon as I go ‘sport’, the turbo goes well over 10psi, even 12 if the sensor is to be believed, which is pretty fantastic.

– A better understanding of the relationship between torque and horsepower, and what each number actually implies. Yes, power is work done per unit time, but what exactly does that feel like. Why do diesels have same horsepower figures even after having loads of torque. It gets really clear once you see the torque, the rpm and the (thus calculated) horsepower figures side-by-side.

– Torque curve: So there’s this thing called the torque curve of an engine, which is just a curve with torque on one axis and RPM on the other. For an IC engine, the torque is not linear (as with electric motors), but a curve with a peak at some specific RPM (or RPM range, which is why a torque (or horsepower) figure is always accompanied by an RPM range), tapering off at both ends. To get the maximum acceleration, you have to keep this curve in mind when changing gears.

Now show me some kode!

Yeah, right. So while I was on all of that, I thought, why not study the protocol itself and try writing a little script to pull the raw data from the sensors out, just for fun. Right, but how? This thing is running on Bluetooth, and how do you sniff that. Is there something like Wireshark for bluetooth? Googling “Wireshark for bluetooth” reveals that Wireshark is the “Wireshark for bluetooth”. Damn!

But before Wireshark could sniff, I needed to get the thing connected to my laptop. That’s pretty straightforward. After having it running at /dev/rfcomm0, fire up Wireshark and keep it listening on the Bluetooth interface.

Okay, pause. Here’s the funny part. The above text was written some 4 months ago. Then I had to do a lot of physical work to take my laptop into Zacky and do all the research/coding from there. I remember going out at least 3 times, but for some weird reason, never bothered to finish writing this article. I’m putting this out right now so that I will remember to write the part-II for it during the next weekend. Stay tuned.

Better Web Browsing

My web browser is by far the most threat-exposed application that I use on my laptop and mobile phone. Not only does it have to trust web developers and run the scripts they wrote, which probably aren’t all that great with respect to user security and privacy, it also has to deal with literally thousands of ad networks and other third party scripts that are specifically designed to invade your privacy by tracking you online.

The people behind these nasty things are not crooks or cyber criminals working from a shady basement, but are very smart people, working for the top Internet companies and making themselves and their employers more money than what you and I can imagine in our humble minds.

Given that billions of dollars are at stake, you and I as common Internet users don’t have much of a say in this. They will track you, trade your data, make money while you enjoy their ‘free’ services, and kick you out the moment you don’t comply with their policies or stop agreeing to their rules.

The only thing that we control is what data we are giving to these Internet giants. While not many people realize or even care about it, there are ways in which we can limit our data leaking to the Internet, and the first step in doing that is hardening your browser. This article is an attempt to cover a number of steps everyday Internet users can take to protect their identity online and improve their information security. I was inspired to take up this topic for writing after a detailed explanation of the same in Nathan House’s Network Security course on Udemy. Do check it out.

Know thy browser

Your browser is a very powerful piece of software. The level to which it can be fine tuned to serve you the content that you wish to see is huge. The about:config page has some very useful options for both privacy and security. While almost anybody might have a hard time configuring Firefox via this menu, there’s a helpful website called ffprofile.com that does a great job at making sense of some of those options and exporting a pref.js file.

Make sure you read the options and select the ones that you need depending on your privacy and security needs. For example, I deselected the disable auto updates option because the privacy gain from doing it is minimal (for me), while the security trade-off is huge, potentially leaving me unarmed at times. If you, like me and most others, can’t go full Stallman-mode anytime soon, make sure you set up an alternate profile in Firefox (firefox -no-remote -ProfileManager) and set up non-secure browsing preferences there, selecting it via firefox -no-remote -P username, or using an addon. Learn more about Firefox profiling here.

Apart from that, try to use a non-tracking search engine like DuckDuckGo, StartPage etc, use incognito mode by default (in Preferences > Privacy and Security), and use history saving only when required and on trusted sites. Use HTTPS whenever possible (Check out EFF’s HTTPS Everywhere addon). There are addons available to notify you of certificate change in HTTPS enabled sites (which can hint a MITM attack), but they are of little practical value as sites update their certificates all the time. There are a bunch of useful addons that will come bundled with ffprofile, but you can also download them manually from Mozilla’s addon store.

Disable 3rd party cookies

3rd party cookies are used for tracking users across third party sites. It is usually harmless to disable them. What might not work after disabling them are your social like/share buttons and commenting platforms like Disqus, but that’s what we want in many cases. You can also consider setting Firefox to delete all cookies when you close the window.

Use a VPN

VPNs are not really part of a browser hardening checklist, but they offer good privacy over any insecure network. A lot of middle men on your Internet packet’s journey can potentially know what sites you visit, especially on insecure HTTP connections. Even on HTTPS, your browser’s DNS lookups might give away some information about your browsing habits. On an insecure HTTP website over a shared Wifi access point, you can assume at all times that the other users connected to that Wifi, the access point and the ISP can literally see each and every request that you make. A VPN takes away this data leak by creating a virtual tunnel between your computer or mobile device and the VPN’s server. The connection is encrypted and hence sniffing cannot happen in between. All requests, even DNS, can be (and should be) configured to use the VPN.

It is important to understand that sniffing can occur on the VPN’s end on an insecure connection, and hence you need to select a VPN provider with utmost care. Even after this, there’s a bit of trust involved when choosing a provider. Our best bet is to try to opt for a provider that maintains a zero knowledge service.

Use a password manager

Although it is an extremely bad practice to write passwords down, another very common mistake we as Internet users make is reusing passwords on many sites (I’m guilty as well), which in some cases is worse than writing down passwords for each individual online account. We know that at least some of the sites store your password in plaintext, while a lot more use weak hashing algorithms. Since we can never be sure, always assume that the password you submit to any site can be accessed by an adversary, and used against you. If you’ve reused your email provider’s password on any other site, the website’s admins or any attacker who has/gets access to the website’s database might be able to take over your email account and other services connected to that account. It is for this reason that using separate passwords becomes important.

However, as human beings, we have more important things to remember than random alphanumeric strings. This is where a password manager comes in. It takes away your responsibility of having to remember 15 different passwords by making you remember one master password. Sweet, huh? This might look like an extra point of failure, but in the broad scheme of things where an attacker might get one of your passwords and literally own your digital life, this is a much safer option. What’s more, the passwords are either never stored on the disk (generated on the fly based on the master password and website’s name) or stored in encrypted form on the disk (or in the cloud). On the downside, this also means that if you lose your master key, you lose all your accounts.

Use 2 factor authentication. Always.

Whenever it is an option, use a second factor of authentication. It can be anything; a phone call, SMS, email, authenticator app (like freeOTP) or whatever. The increased effort is totally worth it considering the alternative is to risk an asset, possibly an important one. Remember that defense in depth is an effective concept in security, both in the real and digital world, and we must make use of it wherever possible.

For the paranoids amongst us: Use a live operating system

A live operating system does not store any data in between sessions. Every time you log into the system, it is like logging into a freshly installed operating system. Naturally, there’s not much tracking that can be done, and as nothing is ever written to the disk, this method offers best privacy if done properly.

Using applications in virtual machines also protects users against sandbox escape vulnerabilities. Since we’re here, check out Tails Linux, a GNU+Linux distribution that is designed to be used live and offers great tools to aid privacy. Another great live operating system is Whonix, which comes in the form of a ‘gateway’ (connects to the tor network) and a ‘workstation’ (connects to the gateway). Then depending on your hardware, Qubes OS might be a good choice, something that I look forward to trying when I have compatible hardware.

Lastly, remember what Bruce Schneier told us

“The question to ask when you look at security is not whether this makes us safer, but whether it’s worth the trade-off.”

I’ll leave you with that TED talk here. Thank you for reading.

Mozilla Firefox Is Back!

It is no secret that I’m a huge fan of Mozilla, the organization, and their browser, Firefox. The reasons are pretty clear: it’s a decent browser, comes with tonnes of customization capabilities, is backed by an organization whose business model doesn’t involve knowing each little detail about you as a person, and is made and backed by the free software community.

I used the word decent, and not great or amazing, because it is not. It isn’t as fast as Chromium, feels sluggish and looks outdated. The other advantages still remain, but the impatient Internet citizen of 2017 isn’t going to take a slower browser for ideological reasons. And I’m feeling extremely proud to tell you this is exactly what Mozilla got right this time. Firefox 57 isn’t just a little cosmetic update to the previous build (although I would’ve even celebrated a cosmetic update), it is like the first major upgrade Firefox has received in years. And guess what, it is fast. Very fast. Chromium fast.

I’ve started using the beta (the stable should come out in November), and it feels pretty solid. The UI is more fluidic, rounded corners in tabs are replaced by more modern rectangular ones, the preferences page is all changed and so have most things. If you’re a long time Firefox user, this update is going to feel like a dream. If you’re a Chrome user, then well, you’ll feel some similarities, right at home, but now you have the usual power of a free software. You can see a comparison video posted by Firefox a few days ago below.

If this interests you, find out more about Firefox Quantum by clicking here. I really liked it, and I’m sure you will too. Just give it a try. Download it via this page that lets you select a build for your operating system and locale.