Cifrado y Software Libre

La experiencia del confinamiento nos está llenando de palabras que suenan rebuscadas y sin embargo no son nuevas: cifrado, encriptado, libre, abierto, descentralizado… por qué?

No es cuestión de interés sino de necesidad

Para no adentrarme en un tema político que en algunas regiones del planeta se está volviendo muy común y muy constante, voy a intentar hablar sobre 2 cosas que parecen antítesis: Seguridad y Código Abierto.

¿Cómo podría un Software OpenSource ser seguro?

En pocas palabras, un software de código abierto, tiene la potencialidad de ser más seguro que uno de código cerrado o privativo, ya que, expuesto a la audiencia adecuadamente formada en el tema, puede beneficiarse ampliamente de los conocimientos y correcciones de la comunidad, y tener transparencia en el uso y propósito final de la herramienta.

(…) cuando un programa comenzó como código cerrado y luego se convirtió en código abierto, a menudo comienza a ser menos seguro para cualquier usuario (a través de la exposición a vulnerabilidades), y con el tiempo (digamos unos años) tiene el potencial de ser mucho más seguro que programa cerrado Si el programa comenzó como un software de código abierto, es más probable que el escrutinio público mejore su seguridad antes de que esté listo para ser utilizado por un número significativo de usuarios, pero hay varias advertencias sobre esta declaración (no es una regla férrea).

Chapter 2.4: Is OpenSource good for security?, Secure Programming HOWTO, David A. Wheeler, 2015

Cifrado

PGP, o “Pretty Good Privacy” fue inventado en 1991, y es un programa que proporciona una forma efectiva de cifrar mensajes a partir de claves privadas de descifrado, pertenecientes a cada uno de los eslabones de la cadena (el emisor y el receptor).

Hoy en día usamos PGP y una versión OpenSource llamada GPG (GNU Privacy Guard) para una variedad de tecnologías derivadas que, sin darnos cuenta, usamos todos los días.

Con la llegada de PGP, las cosas cambiaron. Al principio el usuario común no sabía cómo mantener seguras sus comunicaciones y su información personal, ni tampoco empresas y otras entidades querían que se encontrara un método. Por suerte, después de 20 años, PGP ha colmado este vacío, demostrando ser un sistema capaz de garantizar privacidad y libertad.

Kaspersky Daily

Descentralización: Cifrado de Extremo a Extremo

Con la llegada de las redes de información e internet, aparecieron conceptos nuevos, para facilitar la disponibilidad de los sistemas al rededor del mundo, y así como en otros ámbitos como la política y –guiño a los fans de la sucesión de Fibonacci– la naturaleza, surgió el concepto de sistemas descentralizados de información o computación distribuida, y con este, por necesidad, surgió este nuevo viejo concepto de cifrado, en el cual, las claves privadas de descifrado, en lugar de guardarse de forma centralizada en un solo lugar, se quedan en los lugares en los que fueron forjados: Los Usuarios.

El cifrado de extremo a extremo (End to End Encryption) es un sistema de comunicación donde las únicas personas que pueden leer los mensajes son las personas que se comunican. Ningún espía puede acceder a las claves criptográficas necesarias para descifrar la conversación, ni siquiera una empresa que administra el servicio de mensajería.

Wired Magazine: What Is End-to-End Encryption?

De esta manera, la responsabilidad de la seguridad de los mensajes, conversaciones y datos en general, vuelve a donde se originó la necesidad, y es que es el lugar en donde tiene que permanecer, ya que está mas que demostrado que la descentralización distribuye la responsabilidad de la seguridad en sus necesitados, no interesados.

Software de Código Abierto Disponible

Lamentablemente, no hay tanto software disponible que sea OpenSource y además no recopile otro tipo de información a cambio, como “telemetría” y datos personales de usuarios a través de cuentas de correo electrónico y números telefónicos. Pero estos son los que mas se acercan a este modelo de libertad y protección de la propiedad privada:

  • Jitsi
  • Signal (para mensajería y videollamadas no grupales)

Estos 2 sistemas están basados en una tecnología hecha en Google llamada WebRTC que también es OpenSource y que la usan también Google Meet/Hangouts, Facebook Messenger, Discord, HouseParty y otros.

Qué dicen otros Expertos?

La empresa privada AVG Technologies, conocida por el software AVG Antivirus, tiene un blog llamado AVG Signal, con sugerencias de expertos en seguridad y otros temas para los consumidores. Recientemente publicaron un listado con Las mejores aplicaciones de mensajería cifrada en donde han reconocido a Signal como la mejor de este año.

La Fundación Mozilla tiene un sitio de ayuda para el consumidor, llamado Privacy Not Included, con un listado del hardware y software mas popular ordenado en base a qué tan “tenebroso” es. En este listado también se han reconocido a Jitsi y a Signal, pero además muestra los standards de seguridad que cumplimentan las otras alternativas como Google Meet, Microsoft Teams, Zoom, y otros.

 

 

My Bluetooth Summer, not so BLE(h)

Hi there,

This last summer I developed Bluetooth Low Energy (BLE) interfaces for a couple of embedded boards and an Android app companion to operate the boards.

BLE Serial Console is currently in Beta and is available in Google Play.

Special thanks to Federico Biagioli who made the app’s Icon!

screenshot_20170202-170429
BLE Serial Console discovered all HM10 Services!

The app can discover all the GATT Services available in a BLE device. It was tested with an HM-10 module (in a breakout board) and Intel Edison’s HM11 integrated BLE module. BLE uses a protocol called Generic Attributes Profile (GATT), that exposes hierarchical data on any BLE device.

Once you enter the right GATT Characteristic, if it has Read/Write permissions you can exchange data with the module from the app to whatever device is connected to the BLE Module. Additionally, if the GATT Characteristic has the Notify permissions, you can subscribe to the device, and receive any updates made to that GATT Characteristic from the other side of the line. Subscribing will enable you to have bidirectional communication with the module.

HM10’s breakout board works with 3.3V with voltage and logic converters and exposes TX/RX pins that you can connect very easily to any Arduino based board having UART protocol. In my case I connected the RX/TX pins to the RS232 RX/TX pins in the CIAA board. HM10’s default GATT Characteristic contains a 20 bytes long registry with Read/Write/Notify permissions.

Service UUID: 0000ffe0-0000-1000-8000-00805f9b34fb
Characteristic UUID: 0000ffe1-0000-1000-8000-00805f9b34fb

0-eus-d2-72d06ae14d9237e9a9a5f176123d903b
EDU-CIAA-NXP & HM-10 BLE Module in Action

I wrote some node.js code for Intel Edison’s board. To enable BLE in this board you have to login and run 3 commands:

rfkill unblock bluetooth
killall bluetoothd
hciconfig hci0 up

After this, you can flash your javascript code to the board, connect & subscribe to the BLE device and operate seamlessly like any other Serial Communication app.

Last but not least, I wrote some plain twenty first century C code to interface with an embedded board called CIAA (Computadora Industrial Abierta Argentina). I connected an HM-10 BLE module to the board and configured the interface between a PC terminal, the board itself and the BLE module in Master Mode.

Bubblr updates for Android 7

Hello true believers!

I recently updated Bubblr’s Free and Full version, so you can enjoy using it with your Android Nougats!

Also, some of the updates include:

  • Auto dismiss buttons when clicking on them
  • Updated all the app-compat packages to 25.2.0
  • Bigger Icons 56 dp when not using FABs

Check them out!

Free Version:
https://play.google.com/store/apps/details?id=org.pampanet.mobile.bubblr.free

Full Version (only 2 bucks!):
https://play.google.com/store/apps/details?id=org.pampanet.mobile.bubblr.full

My Kotlin adventures: 5th Generation Language Awesomeness

Kotlin is a new programming language developed by the guys at JetBrains. Since it’s version 0.9 I’ve been testing the syntax and features and I must say that it’s amazing.

I developed a couple of Android apps which are now released in Google Play. Made 100% with Kotlin.

Bubblr is an application meant for the guy that wants a really fast shortcut to his everyday apps. it wants to be a very lightweight app launcher based on FABs (Floating Action Buttons). It is intended to be really simple to use and very lightweight (approximately 8 MB).The launcher adapts to the screen drawing an Arc of buttons that you can add, remove (swiping) and even sort by doing drag & drop with the buttons. Buttons are customizable, having the ability of being bubbles or icons within colored FABs (colors also customizable). The free edition has an Ad Banner at the bottom, safe and not intrusive. The Full edition doesn’t have Ads.

Augmented Fence (AFence) is an augmented reality fence, which uses Google Maps to display points stored in a sorted list, drawing a polygonal figure, and determining whether the user is inside or outside of the figure described by the polygon, and it allows you to activate alarms when the user is near the limits of the fenced area. The full edition doesn’t have any limitations.

To be able to develop these apps I used Android Studio with Kotlin’s plugin. The development was really faster y smooth than with other languages for Android, plus all the advantages that come from Functional Programming Languages, making your development experience more motivating and relaxing.

How many of you enjoy the term “tail recursion”? It’s like going into a traditional cafeteria and ask for a “mochaccino”, even though the tail recursion has been here since the days of Lisp and Haskell.

How about “pattern-matching” and “functional thread-safety”? These are some of the advantages of using a Functional Programming Language.

I think the world is going to make a leap of paradigm eventually, and staying in Java can be tough when that change happens. Java might be able to turn into COBOL… yuk!

It’s definitely the time to start giving 5th Generation Languages a chance, a try, and an APP.

Cheers!

Monkey Business – Xamarin Forms 2.3 Released

A new version of Xamarin Forms has been released, with a Xamarin Studio upgrade as well. These are very exciting news for cross platform developers wanting to have more control over the look and feel of their XF application without compromising quality and freshness.

Recently I tweeted about one of the features in XF 2.3, in context of one of Xamarin’s Contests.

I tested the new Native Embedding for Xamarin Forms Shared Projects. This feature is really interesting, as it lets you add components that aren’t fully cross-platform-ish into a Xamarin Forms specific platform, all this from within the Shared Code Project.

That’s inside a ContentPage, ContentView, or even a BoxView! Yay!

In the end I think it’s great news for developers, but maybe not so much for Project Managers, Product Owners, and any other management position. It’s a risk for them, because UI/UX designers usually operate with standard components and sometimes those components aren’t present in the other platform (iOS checkboxes, radio buttons, hello? hehe), and for the developer it’s sometimes confusing whether to complain about an over complicated flow which is cross-platform or to create 2 (two) separate workflows to have consistency with the platform itself. It’s a risk for managers, because in the end, the developer (the ones that figure there’s an existing 1 platform native component) tends to use these “hashtags” called preprocessor directives, making the compilation process of the application conditional to the specific platform. But, wasn’t this the one case the managers were trying to avoid, in favor of speeding cross-platform-ing?

TL;DR

To continue the fun part of this post, after a couple of weeks I received confirmation that I won the code-monkey plushy and here’s the end result of all this:

It’s clearer as days pass that it’s getting easier to be a good developer. If you are such one, convince your manager that too much cross-platform-ing can kill pandas, make kittens sad, and encourage global warming, and leveraging platform specific design strategies, save lives, and speed up the whole development process, and even may reduce the amount of Giphys sent in a day… LOL!

This is a very good step forward for developers to write awesome apps in C#, but beware the platform specific documentation… LOL

Again, thanks to #xamarin for the code-monkey and I’m looking forward to get into more of their contests.

Cheers!

Xamarin Forms 2.2.0.5-pre2 Released

Hi all,

This is great news, Xamarin Forms NuGet package will get another big upgrade with 2.2.0 stable release.

I got notice about it because one of the bugs I reported about CarouselPage is in RESOLVED status. It seems that CarouselPage is going to be deprecated in favor of a new View called CarouselView.

I’m very excited about the amount of bug fixes and new features in 2.2.0 and I’m looking forward to test 2.2.0 stable release. Specifically, as an Android fan I’m looking forward to upgrade the Google Play Services packages to 29.x to have the latest packages and stay updated in the cross-platform world.

For more information on the bug fixes and new features in this pre-release version, check out the official release notes.

What do you think about this pre-release? Have you tried it yet? Let me hear your experiences in the comments section.

Xamarin Adventures: Consistent Cross-Platform Multi-Threading

Hi there readers! Like I said in the last post, I wanted to write something about Xamarin, and now that it’s open source you might be more interested than before in taking this framework for a spin.

Xamarin is a .NET framework used to build Android, iOS, Mac and Windows Phone apps. It uses C# language features to map Android and iOS APIs and also has a top level abstraction called Xamarin Forms to achieve the most common user story scenarios.

I will start these series of posts, with one question that I think is a keystone to all subsequent development issues you might find when dealing with multi-threading.

Continue reading Xamarin Adventures: Consistent Cross-Platform Multi-Threading