Soptik's recent activity

  1. Comment on Kazakhstan ISPs begin intercepting all HTTPS traffic in ~comp

    Soptik Link
    Offtopic: Maybe it might be good idea to switch link to zdnet. It’s concerning that internet access is blocked when people don’t install the certificate. How does one evade this? Proxy over :80...

    Offtopic: Maybe it might be good idea to switch link to zdnet.

    It’s concerning that internet access is blocked when people don’t install the certificate. How does one evade this? Proxy over :80 and hope for the best? Tor via not-443?

    2 votes
  2. Comment on Kazakhstan ISPs begin intercepting all HTTPS traffic in ~comp

    Soptik (edited ) Link
    This is not new, at least not this concept. I remember reading few months (or was it a year already) back about this in some mozilla channel, where someone feared this would happen and asked what...

    This is not new, at least not this concept. I remember reading few months (or was it a year already) back about this in some mozilla channel, where someone feared this would happen and asked what would be done. I'll try to find the thread.

    I wonder if this will even work on most devices. When I wanted to snoop on what an android application sends over network so I can reverse engineer it's API see content of the HTTP requests for research purposes, I had to take the API, swap one library to another much older version and than reinstall the whole apk, as it wouldn't accept my own certificate otherwise.

    On the other hand, the government probably don't care too much about handful of users that will see the invalid certificate warning for most websites, and will probably find a way to evade HTTP StrictTransportPolicy. This policy defines that site can only be accessed via https and with valid certificate.

    Edit: Here is the historical bugzilla thread. It was actually 4 years ago when this started.

    The measure is not yet in force but the Kazakhstan government has announced plans to require all KZ internet users to install a special "national security certificate" in their browsers, so that KZ Telecom can MITM the traffic. This also affects browsers and software other than Firefox.

    Edit 2: Here is Google Groups discussion (Mozilla Security), spanning from 2016 to now. It's interesting to see such an old thread revive like this.

    Edit 3: One of messages from Google Groups:

    Let's posit what might happen if Mozilla made their products intentionally
    break for this use case.

    Further, let's stipulate that every other major browser follows course and
    they all blacklist this or any other nation-state interception certificate,
    even if manually installed.

    Isn't the logical outcome that the nation-state forks one of the
    open-source browser projects, patches in their MiTM certificate, and
    un-does the blacklisting? I think that's exactly what would happen. The
    trouble is, there's no reason to expect that the fork will be maintained or
    updated as security issues are discovered and upstream patches are issued.
    We wind up with an infrequent release cycle browser being used by all these
    users, who in turn get no privacy AND get their machines rooted
    disproportionate to the global population.

    This looks very similar to the DragonFly project by Google. Do you comply with censorship/privacy loss in order to deliver better product to users, or do you object to it with knowledge that the censorship/privacy loss will not change dramatically and the users receive a lot worse service?

    Edit 4:
    Nurbo from HN said:

    A fellow from Kazakhstan here.
    Banning this certificate or at least warning the users against using it WILL help a lot.
    Each authoritarian regime is authoritarian in its own way. Kazakhstan doesn't have a very strong regime, especially since the first president resigned earlier this year. When people protest strongly against something, the government usually backs down. For example, a couple of years ago the government withdrew their plans of lending lands to foreign governments after backlash from ordinary people. If Kazakhs knew about the implications of installing this certificate, they would have been on the streets already.
    If Firefox, Chrome and/or Safari block this certificate, the people will show their dissatisfaction and the law will be revoked.
    Sometimes the people in authoritarian countries need a little bit of support from organizations to fight for their rights. I really hope the browser organizations would help us here.

    Edit 5:
    Dmbaturin from lobste.rs translated official KZ website

    Due to increasingly frequent cases of personal information theft and bank account hijacking, we are introducing a security certificate that will become an efficient way to protect the country from hackers, scammers, and other cyberthreats.

    Deployment of the security certificate will help us protect your data and stop attacks befoore they succeed.

    The security certificate is a set of digital data that is required for encrypted protocols to wrk. It will help protect the Kazakh people from attacks and illegal content.

    You should install the certificate on every device connected to the Internet, else there will be technical difficulties with accessing particular resources.

    This is terrifying. And it’ll work, since people won’t be able to access internet otherwise (see zdnet article linked below in the OT comment). This is the case where mozilla, google, and other organizations have to come forward and say No!. According to the KZ citizen from HN, people can force the government to abort this if given a reason. Every major sw they use rejecting the certificate might be the reason they need.

    6 votes
  3. Comment on Suggestion: Hide my logged-in username while browsing in ~tildes

    Soptik Link Parent
    I think they want to share something with their friend IRL but are afraid that the friend could read their username? I’m not sure but that’s the only reason I came up with.

    I think they want to share something with their friend IRL but are afraid that the friend could read their username? I’m not sure but that’s the only reason I came up with.

    2 votes
  4. Comment on Are 'Exemplary' labels no longer visible? in ~tildes

    Soptik Link Parent
    When you clicked @dubteedub ‘s link, it brought you to the exemplary comment and highlighted it because of the link. The highlight overrides exemplary label. Click this link, I highlighted...

    When you clicked @dubteedub ‘s link, it brought you to the exemplary comment and highlighted it because of the link. The highlight overrides exemplary label. Click this link, I highlighted different comment. If you scroll down a bit you should see the exemplary comment.

    8 votes
  5. Comment on Firefox 68 released in ~tech

    Soptik Link Parent
    Thanks! I’ll post thread with results on Tildes if I manage to get interesting data.

    Thanks! I’ll post thread with results on Tildes if I manage to get interesting data.

    2 votes
  6. Comment on Firefox 68 released in ~tech

    Soptik Link
    I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and...

    I wonder if there is any measurable performance improvement with the new GPU rendering. I read that it decreases browser lag and on some test site, it achieved 60 FPS compared to Chrome's 15 and old Firefox 12 (?). However I would like to know the impact on normal browsing.

    Did anyone read something about this, or can someone recommend me a way how to track time to DOM draw finish so I can count it myself?

    4 votes
  7. Comment on Firefox 68 released in ~tech

    Soptik Link Parent
    I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data. This actually even prevents some attacks, such as DNS poisoning, where attacker falsify...

    I'll add for clarity that HTTPS means that the transportation is encrypted, so only you can view the data.

    This actually even prevents some attacks, such as DNS poisoning, where attacker falsify DNS response and force you to visit his website.

    And it didn't take long for British ISPs to award Mozilla the title of Internet Villain because of this feature :-)

    cc @Douglas

    14 votes
  8. Comment on YouTube now bans instructional hacking and phishing in ~tech

    Soptik Link
    LiveOverflow just posted a video about this issue that I recommend to view, he has pretty interesting opinion.

    LiveOverflow just posted a video about this issue that I recommend to view, he has pretty interesting opinion.

    3 votes
  9. Comment on YouTube now bans instructional hacking and phishing in ~tech

    Soptik Link Parent
    Great, it’ll be much better for anyone coming to this story.

    Great, it’ll be much better for anyone coming to this story.

    4 votes
  10. Comment on YouTube now bans instructional hacking and phishing in ~tech

    Soptik Link
    This story got a lot of traction overnight in press, such as The Verge, The Register, and some newspapers I never heard about before. So YouTube had to back off and remove the strike. No links...

    This story got a lot of traction overnight in press, such as The Verge, The Register, and some newspapers I never heard about before. So YouTube had to back off and remove the strike.

    In a subsequent comment, a YouTube spokesperson confirmed to The Verge that Cyber Weapons Lab’s channel was flagged by mistake and the videos have since been reinstated. “With the massive volume of videos on our site, sometimes we make the wrong call,” the spokesperson said. “We have an appeals process in place for users, and when it’s brought to our attention that a video has been removed mistakenly, we act quickly to reinstate it.”

    No links this time, I’m on phone. Cc @Deimos who noticed that the strike was removed.

    7 votes
  11. Comment on Awk by example in ~comp

    Soptik Link
    Excellent tutorial, thanks for sharing! I didn’t see a link at the end of the article, but it looks like there is another part published. You can edit URL to get to it....

    Excellent tutorial, thanks for sharing!

    I didn’t see a link at the end of the article, but it looks like there is another part published. You can edit URL to get to it.

    developer.ibm.com/tutorials/l-awk2

    4 votes
  12. On lobste.rs I found link to an article from Vidar Holen, the author of shellcheck. He made a fork bomb that is really interesting. Here's the bomb: DO NOT RUN THIS. eval $(echo...

    On lobste.rs I found link to an article from Vidar Holen, the author of shellcheck. He made a fork bomb that is really interesting. Here's the bomb:

    DO NOT RUN THIS.

    eval $(echo "I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==" | uudecode)
    

    This may look pretty obvious, but it's harder than you think. I fell for it. twice. Can you find out how this bomb works?

    Warning: executing the bomb will slow down your computer and will force you to restart.
    You can limit impact of the fork bomb by setting FUNCNEST.

    export FUNCNEST=3
    

    Have fun!

    12 votes
  13. Comment on The V Programming Language in ~comp

    Soptik Link
    I tried to use V, but following official install from source instructions (which btw included step “compile at ~/code/ otherwise it won’t work”) resulted in segfault while building. I found some...

    I tried to use V, but following official install from source instructions (which btw included step “compile at ~/code/ otherwise it won’t work”) resulted in segfault while building. I found some old github issue and made a workaround to make it work. Then I copy-pasted one of the example programs on the website which didn’t compile because of syntax error.

    I don’t think I’ll use this language anytime soon.

    9 votes
  14. Comment on Fermi problem game thread in ~misc

    Soptik Link
    How many possible combinations of turns in chess exist after 30 turns?

    How many possible combinations of turns in chess exist after 30 turns?

  15. Comment on Stylus userstyle that hides comment vote counts in ~tildes

    Soptik Link Parent
    Nice, thanks! @Bauke's code actually works even better, mine for some reason increases padding around the Vote button. I'll look into how did Bauke do it to steal it learn how he did it.

    Nice, thanks! @Bauke's code actually works even better, mine for some reason increases padding around the Vote button. I'll look into how did Bauke do it to steal it learn how he did it.

    4 votes
  16. This simple stylus userstyle hides vote counts on both voted and unvoted comments and your own comments. I really like what Deimos did, it significantly improved my time here on Tildes. If you...

    This simple stylus userstyle hides vote counts on both voted and unvoted comments and your own comments. I really like what Deimos did, it significantly improved my time here on Tildes. If you want the feature back, install Stylus extension, click the Stylus icon > write style for tildes.net and paste this:

    /* Hide vote count for unvoted comments */
    .btn-post-action[name="vote"] {
        visibility: hidden;
        position: relative;
    }
    .btn-post-action[name="vote"]:after {
        visibility: visible;
    	content: "Vote";
        position: absolute;
    }
    
    /* Hide vote count for voted comments */
    .btn-post-action[name="unvote"] {
        visibility: hidden;
        position: relative;
    }
    .btn-post-action[name="unvote"]:after {
        visibility: visible;
    	content: "Voted";
        position: absolute;
    }
    
    /* Hide vote count for your own comments */
    .comment-votes {
        display: none;
    }
    

    Known issues

    • There is extra padding around Vote button
    • Extensions such as Vim Vixen cannot interact with Vote button
    11 votes
  17. Comment on Genetic Algorithms in ~comp

    Soptik Link Parent
    When I last used trees, I had big problems with mantaining diversity. While mutation (replace this subtree with randomly generated) worked, eventually I ended up with one solution unable to find...

    When I last used trees, I had big problems with mantaining diversity. While mutation (replace this subtree with randomly generated) worked, eventually I ended up with one solution unable to find anything else.

    There is probably a better way how to mutate a structure, but I’ve never heard of any.

    Btw, I asked someone who interests a lot in this and he recommended me to give bonus points to solutions that differ from best solution. I didn’t yet try it, since I’m just rewriting the program, but I’m curious how it will work out.

  18. Genetic Algorithms

    Introduction to Genetic Algorithms Genetic algorithms can be used to solve problems that are difficult, or impossible to solve with traditional algorithms. Much like neural networks, they provide...

    Introduction to Genetic Algorithms

    Genetic algorithms can be used to solve problems that are difficult, or impossible to solve with traditional algorithms. Much like neural networks, they provide good-enough solution in short amount of time, but rarely find the best one. While they're not as popular as neural networks nor as widely used, they still have their place, as we can use them to solve complicated problems very fast, without expensive training rigs and with no knowledge of math.

    Genetic algorithms can be used for variety of tasks, for example for determining the best radio antenna shape, aerodynamic shapes of cars and planes, wind mill shapes, or various queing problems. We'll use it to print "Hello, World!".

    How does it work?

    Genetic algorithm works in three steps.

    1. Generate random solutions
    2. Test how good they are
    3. Pick the best ones, breed and mutate them, go to step 2

    It works just like evolution in nature. First, we generate randomised solutions to our problem (in this case: random strings of letters).

    Then, we test each solution and give it points, where better solutions gain more points. In our problem, we would give one point for each correct letter in the string.

    Afterwards, we pick the best solutions and breed it together (just combine the strings). It's not bad idea to mutate (or randomize) the string a bit.

    We collect the offsprings, and repeat the process until we find good enough solution.

    Generate random solutions

    First of all, we need to decide in which form we will encode our solutions. In this case, it will be simply string. If we wanted to build race cars, we would encode each solution (each car) as array of numbers, where first number would be size of the first wheel, the second number would be size of the second wheel, etc. If we wanted to build animals that try to find food, fight and survive, we would choose a decision tree (something like this).

    So let's start and make few solutions, or entities. One hundred should be enough.

    from random import randint
    
    goal = "Hello, World!"
    allowed_characters = list("qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ,!")
    
    def get_random_entity(n, string_length):
        entities = []
        for _ in range(0, n):
            entity = ""
            for _ in range(0, string_length):
                entity += allowed_characters[randint(0, len(allowed_characters)-1)]
            entities.append(entity)
        return entities
    
    print(get_random_entity(100, 13))
    

    Test how good they are

    This is called a "fitness function". Fitness function determines how good a solution is, be it a car (travel distance), animal (food gathered), or a string (number of correct letters).

    The most simple function we can use right now will simply count correct letters. If we wanted, we could make something like Levenshtein distance instead.

    def get_fitness(entity):
        points = 0
        for i in range(0, len(entity)):
            if goal[i] == entity[i]:
                points += 1
        return points
    

    Crossover and mutation

    Now it's time to select the best ones and throw away the less fortunate entities. Let's order entities by their fitness.

    Crossover is a process, when we take two entities (strings) and breed them to create new one. For example, we could just give the offspring one part from one parent and another part from second parent.

    There are many ways how to do this, and I encourage you to try multiple approaches when you will be doing something like this.

    P:  AAAABBB|BCCCC
    P:  DDDDEEE|FGGGG
    
    F1: AAAABBB|FGGGG
    

    Or we can just choose at random which letter will go from which parent, which works the best here. After we have the offsprint (F1), we should mutate it. What if we were unfortunate, and H (which we need for our Hello, World!) was not in any of the 100 entities? So we take the string and for each character of the string, there is a small chance to mutate it - change it at random.

    F1:  ADDDEBEFGCGG
    F1`: ADHDEBEFGCGG
    

    And it's done. Now kill certain part of old population. I don't know which percentage is best, but I usually kill about 90% of old population. The 90% that we killed will be replaced by new offsprings.

    There is just one more thing: which entities do we select for crossover? It isn't bad idea - and it generally works just fine - to just give better entities higher chance to breed.

    def get_offspring(first_parent, second_parent, mutation_chance):
        new_entity = ""
        for i in range(0, len(first_parent)):
            if randint(0, 100) < mutation_chance:
                new_entity += allowed_characters[randint(0, len(allowed_characters)-1)]
            else:
                if randint(0, 1) == 0:
                    new_entity += first_parent[i]
                else:
                    new_entity += second_parent[i]
        return new_entity
    

    When we add everything together, we get this output:

    Generation 1, best score: 2 ::: QxZPjoptHfNgX
    Generation 2, best score: 3 ::: XeNlTOQuAZjuZ
    Generation 3, best score: 4 ::: weolTSQuoZjuK
    Generation 4, best score: 5 ::: weTgnC uobNdJ
    Generation 5, best score: 6 ::: weTvny uobldb
    Generation 6, best score: 6 ::: HellSy mYbZdC
    Generation 7, best score: 7 ::: selOoXBWoAKn!
    Generation 8, best score: 8 ::: HeTloSoWYZlh!
    Generation 9, best score: 8 ::: sellpX WobKd!
    Generation 10, best score: 9 ::: welloq WobSdb
    Generation 11, best score: 9 ::: selloc WoZjd!
    Generation 12, best score: 10 ::: wellxX WoVld!
    Generation 13, best score: 10 ::: welltX World!
    Generation 14, best score: 10 ::: welltX World!
    Generation 15, best score: 10 ::: welltX World!
    Generation 16, best score: 11 ::: zellov Wobld!
    Generation 17, best score: 11 ::: Hellty World!
    Generation 18, best score: 11 ::: welloX World!
    Generation 19, best score: 11 ::: welloX World!
    Generation 20, best score: 11 ::: welloX World!
    Generation 21, best score: 12 ::: welloX World!
    Generation 22, best score: 12 ::: Helloy World!
    Generation 23, best score: 12 ::: Helloy World!
    Generation 24, best score: 12 ::: Helloy World!
    Generation 25, best score: 12 ::: Helloy World!
    Generation 26, best score: 12 ::: Helloy World!
    Generation 27, best score: 12 ::: Helloy World!
    Generation 28, best score: 12 ::: Helloy World!
    Generation 29, best score: 12 ::: Helloy World!
    Generation 30, best score: 12 ::: Helloy World!
    Generation 31, best score: 12 ::: Helloy World!
    Generation 32, best score: 12 ::: Helloy World!
    Generation 33, best score: 12 ::: Helloy World!
    Generation 34, best score: 13 ::: Helloy World!
    Generation 35, best score: 13 ::: Hello, World!
    

    As we can see, we find pretty good solution very fast, but it takes very long to find perfect solution. The complete code is here.

    Maintaining diversity

    When we solve difficult problems, it starts to be increasingly important to maintain diversity. When all your entities are basically the same (which happened in this example), it's difficult to find other solutions than those that are almost the same as the currently best one. There might be a much better solution, but we didn't find it, because all solutions that are different to currently best one are discarded. Solving this is the real challenge of genetic algorithms. One of the ideas is to boost diverse solutions in fitness function. So for every solution, we compute distance to the current best solutions and add bonus points for distance from it.

    19 votes