Categories
Process Tampa Bay What I’m Up To

Scenes from UC Baseline’s “Networking 101” class

Here’s my daily view for seven hours a day for the next little while, as I’m part of the inaugural cohort of UC Baseline, the 5-week cybersecurity training program from Tampa Bay’s security guild, The Undercroft:


Last week was devoted entirely to the “Hardware 101” part of the program. Here’s a video summary of what happened that week, and Yours Truly’s in a fair bit of it:

This week is “Networking 101”, which is all about how the bits get transferred across wires and air to our hardware.

One of the exercises is making our own Ethernet cables. I can do it — just, very, very slowly…


We spent a good chunk of time setting up virtual LANs on our individually-assigned Cisco Catalyst 3750 programmable 48-port switches (alas, we don’t get to keep them), hooking up our Raspberry Pi 4 boxes (which we do get to keep) to them, and wiring our VLANs together via trunks:


It’s a strange world, where IOS doesn’t refer to Apple’s “iPhone Operating System” — part of my usual stomping grounds as a developer — but in the world of network administration, it’s Cisco’s Internetwork Operating System:


This is way outside my normal experience with networking, which I do at the application level, where I deal with data structures like arrays, dictionaries, base64-encoded data, and maybe the occasional data stream. This is the world of packets, frames, switching, and routing. I would still probably ruin a server room if left in charge of it, but after this course, I’d ruin it less.

I do have a refreshed generalized concept of what happens at the lower levels of the network, and that’s the important thing for me and the sort of work that I do.

Categories
Humor Programming

Me, with my calls to print() vs. you, with your fancy debugger

print() (or printf()) works for these pros…

…and it works pretty nicely for me, too.

Categories
Process Programming

Supplementary UC Baseline notes #2: The easiest way to explain public key cryptography for sending secret messages and signing them

I’m often asked about how public-key cryptography (a.k.a. asymmetric cryptography) works. The concept of private keys and public keys isn’t an intuitive one. A couple of years back, I spent some time trying to come up with an analogy that was layperson-friendly and memorable.

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.

Regular readers of this blog are probably aware that I’m in week two of a five-week cybersecurity course called UC Baseline offered by Tampa Bay’s security guild, The Undercroft. The topic of generating keys for SSH came up, and not all of us are familiar with public key cryptography. This article should help!

The special box

Imagine a box with a special lock, as pictured below:

The lock has three positions:

  1. When the lock is turned to the “9:00” position, the box is locked, and its contents are inaccessible.
  2. When the lock is turned to the “12:00” position, the box is unlocked, which means you can open it and view its contents.
  3. When the lock is turned to the “3:00” position, the box is locked, and its contents are inaccessible.

The lock’s position can be changed by two kinds of keys. The first type of key belongs to the owner of the box, and is thus called the private key:

The private key fits the lock, but it has a special limitation: it can only turn the lock clockwise — from 9:00 to 12:00, or from 12:00 to 3:00. It doesn’t turn counter-clockwise.

There’s only one copy of the private key, and as the owner of the box, you hold onto it.

There’s a second kind of key. You may have already guessed that it’s called the public key:

Like the private key, the public key also fits the lock, and it also has a special limitation — but a different one: it can only turn the lock counter-clockwise — from 3:00 to 12:00, or from 12:00 to 9:00. It doesn’t turn clockwise.

Unlike the private key, you give copies of the public key freely to other people. This lets them communicate with you.

Using the box and keys, two different things are possible:

  1. People can send you secret messages. This is done with encryption.
  2. You can send messages to people with proof that it was you who sent the message. This is done with digital signatures.

Sending secret messages with encryption

The idea behind sending secret messages is straightforward: you take the message and encrypt it (that is, scramble it so that it’s incomprehensible to other people), and then send it. The receiver gets the message, decrypts it (that is, performs the inverse of the operation that scrambled the message), restoring it to its original form and making it readable.

Think of encrypting the message as putting it in the special box and locking it. Think of decrypting the message as unlocking the box.

If you wanted to send a message to me, you’d use one of my boxes. Since it’s one of my boxes, I would have the private key for it, and I would have given you one of my public keys.

To send me the message so that only I would be able to read it, you’d put the message into the box and then lock it with my public key. Remember, the unlocked position is at 12:00, and public keys only turn counter-clockwise. When you lock it, you change the lock to the 9:00 position:

Once the box is locked, you’d ship it to me.

In order to read your secret message, I’d unlock the box using my private key. Remember, the lock is currently at the 9:00 position (locked), the unlocked position is at 12:00, and private keys only turn clockwise. When I unlock it, I return the lock to the 12:00 position:

With the box unlocked, I can now read the message you sent me.

Proving that I was the one who sent the message using a digital signature

I can also use one of my boxes to sign my messages in such a way that you know that they’re definitely from me and not some troll pretending to be me.

If I wanted to send you a message that was guaranteed to be from me, I’d use one of my boxes.

To send you a message in a way that proved that only I could have sent it, I’d put the message into the box and lock it with my private key. Remember, the unlocked position is at 12:00, and private keys only turn clockwise. When I lock it, I change the lock to the 3:00 position:

Once the box is locked, I’d ship it to you.

In order to confirm that the message was sent by me, you’d unlock the box using the public key I gave you. Remember, the lock is currently at the 3:00 position (locked), the unlocked position is at 12:00, and public keys only turn counter-clockwise. When you unlock it, you return the lock to the 12:00 position:

You can rest assured that I sent the message, because in the digital signature scenario, only my private key could’ve locked the box that you unlocked with my public key.

It’s all math

You may have to remind people that the box isn’t actually a box, the things that we call the private key and public key are just really large numbers, and that encryption and digital signing are just some fancy math operations that are performed on your message (which is really just a bunch of numbers) using the private and public keys.

I’ll write up a layperson-friendly description of how the math in public-key crypto works, but in the meantime, if someone’s asking you to explain it, send them to the EFF’s article, A Deep Dive on End-to-End Encryption: How Do Public Key Encryption Systems Work?
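Here are both trips around the lock, the secret message (public key locks, private key unlocks) and the signature (private key locks, public key unlocks), as an added example in Python that is not part of the original post. It uses textbook RSA with the classic tiny primes 61 and 53, assumed here purely so every step is a single pow() call you can check by hand. A real system uses keys of 2048 bits or more with OAEP and PSS padding from a library such as cryptography or OpenSSL, never anything like this.

```python
# Added example, not code from the original post: the "special box" done as
# textbook RSA with tiny primes, so the whole thing is plain modular arithmetic.
# The primes 61 and 53 are assumed here only so the numbers stay readable.
# Textbook RSA (no padding, 12-bit modulus) is NOT secure: real systems use
# 2048-bit-plus keys with OAEP for encryption and PSS for signatures, via a
# library such as `cryptography` or OpenSSL.
from __future__ import annotations

import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return (public_key, private_key) built from two primes p and q (assumed prime)."""
    n = p * q                      # the modulus; part of both keys
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+): e*d == 1 (mod phi)
    return (e, n), (d, n)          # "turns counter-clockwise" / "turns clockwise"


def encrypt(message: bytes, public_key: tuple[int, int]) -> list[int]:
    """Lock the box with the public key: one modular exponentiation per byte.
    Per-byte, unpadded encryption is a fixed substitution table (the same byte
    always encrypts to the same number), which is why real RSA adds random padding."""
    e, n = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold a byte")
    return [pow(b, e, n) for b in message]


def decrypt(ciphertext: list[int], private_key: tuple[int, int]) -> bytes:
    """Unlock the box with the private key: the inverse exponentiation."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Signatures are computed over a hash of the message, not the message itself.
    # Reducing mod n is only needed because this toy modulus is far smaller than
    # a SHA-256 digest; a real modulus is bigger than the (padded) hash.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple[int, int]) -> int:
    """Lock the box with the private key (turn it the other way, 12:00 -> 3:00)."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple[int, int]) -> bool:
    """Unlock with the public key: if it opens, only the private key could have locked it."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    PUBLIC, PRIVATE = make_keypair(61, 53)     # n = 3233, e = 17, d = 2753
    msg = b"meet at the Undercroft"            # constructed sample message

    # Secret message: anyone with PUBLIC can lock, only PRIVATE unlocks.
    locked = encrypt(msg, PUBLIC)
    assert decrypt(locked, PRIVATE) == msg

    # Signature: only PRIVATE can lock this way, anyone with PUBLIC can check.
    sig = sign(msg, PRIVATE)
    assert verify(msg, sig, PUBLIC)
    assert not verify(msg, (sig + 1) % 3233, PUBLIC)      # altered signature fails
    # An altered message fails too, barring a 1-in-3233 hash collision mod this toy n.
    print("tampered message verifies?", verify(b"meet at the Starbucks", sig, PUBLIC))
```

The two directions of the lock are the two exponents: e is the public key’s “counter-clockwise only” turn and d is the private key’s “clockwise only” turn, and because raising to e and then to d (or d and then e) lands back on the original number, locking with one and unlocking with the other works in either order. The single byte 65 (“A”) encrypts to 2790 under this key, the same numbers you’ll find in most RSA textbooks.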

Credit where credit is due

I found the original “special box” analogy put together by Panayotis Vryonis, in his article titled Public-key cryptography for non-geeks. He came up with an analogy that treated asymmetric crypto as a box with a special lock and special keys, and it seemed to do the job nicely, and I wrote about it in this post back in June 2017.

Analogies often have limits, and it wasn’t long before my computer science prof, Dr. Robin Dawes, pointed out a flaw in Vryonis’ analogy. With his help, combined with a suggestion from Matthew Ernest, I came up with a tweak, resulting in the analogy shown above. Thanks to all of them for their invaluable help!

Categories
Process Tampa Bay What I’m Up To

The UC Baseline cybersecurity course at The Undercroft — Begin week 2: Networking 101!

It’s Monday, July 27th, which means that I’ve completed the Hardware 101 portion of the 5-week UC Baseline cybersecurity training program offered by Tampa Bay’s security guild, The Undercroft! Here’s a quick rundown of what I’ve posted so far about my experiences…

We’re now on week 2, which means it’s time to move to the next module…

It’s time for Networking 101, which takes up the next five days! This should be fun.

In anticipation of this week’s lectures, I thought I’d repost these two “cats and networking” pics…

Photo: A stack of seven interlocking baskets, each with a cat. From top to bottom, the cats are labeled: Application, presentation, session, transport, network, data link, and physical.
The OSI network model, illustrated with cats.
Photo: A stack of four boxes, each with a cat in it. The cats are labeled, from top to bottom: Application, transport, internet, and network interface.
The TCP/IP layers.
Categories
Hardware Process Tampa Bay What I’m Up To

Scenes from Days 4 and 5 of the “UC Baseline” cybersecurity program at The Undercroft

Day 4 of the Hardware 101 component of the UC Baseline cybersecurity program was all about security for the enterprise, which naturally included topics such as servers. Not everyone in the class has had the opportunity to tour a server room or data center, and this was their chance to see these machines up close.

Unlike the previous days, we did not attempt to dismantle and then reassemble the servers — this was a “look, but don’t touch” sort of lesson.

We also had a guest lecturer who gave us a pretty thorough walkthrough of the sorts of things involved in an enterprise server/data center setup, some of which went way over my head. I don’t see a sysadmin/system architect role in my future, but it might not hurt for me to do some supplementary reading on this topic.

Day 5 was the final day of Hardware 101 and started with something that I’ve always been terrible at: Making networking cables.

Arrrrgh.

We also spent some time looking over all sorts of intrusion devices, such as the incredibly cute “Pwnagotchi”, a Raspberry Pi Zero-based device that “listens” to wifi chatter and collects WPA handshake material, which can then be fed to a password cracker offline. (Its machine learning part tunes how it goes about capturing; the device doesn’t work out the wifi passwords itself.)

It uses an e-paper screen, which is quite legible and consumes little power.

It’s incredibly small:

Here’s a Pwnagotchi beside a U.S. quarter for size reference:

A great way to steal information to gain access to people’s accounts and systems is to set up a fake wifi hotspot at a place that offers free wifi, such as Starbucks. That’s what the Wifi Pineapple is for — people connect to it, thinking they’re connecting to Starbucks wifi. You route their signals through to the real Starbucks wifi, but you’re the go-between, and can “see” everything that your marks are sending on the internet: the data they’re passing back and forth, including stuff like user IDs and passwords. (That’s for anything sent without TLS; for HTTPS traffic, the go-between mostly sees which hosts are being contacted, unless the mark can be talked into accepting a bogus certificate.)

Here’s the actual unit:

Here’s a wrist-mounted device for performing wifi de-authentication attacks:

It sends forged 802.11 deauthentication frames, which tell devices currently connected to a wifi network to drop off it (unless the network uses protected management frames, 802.11w, those frames aren’t authenticated, so anyone can send them). You could use it in tandem with a Wifi Pineapple to force people to disconnect from the real wifi and then connect to the Pineapple instead, enabling you to read their internet communications.

If you really want to “sniff” all the wifi traffic in the room, you’ll want one of these — a high-gain antenna system hooked to a wireless network interface controller (NIC) that can run in “monitor mode”, a capability that many wifi chipsets and drivers don’t support. In monitor mode, the NIC hands you every 802.11 frame it can hear, not just the traffic addressed to you on the network you’ve joined. (Promiscuous mode is the wired-Ethernet cousin of this, where the NIC stops discarding frames addressed to other machines.) It’s a good network diagnostics tool — and it’s also useful for getting up to no good:

And finally, the Shark Jack. Plug it into someone’s network, either via the ethernet jack or USB, and it will execute scripts to get a map of the network or even deliver a payload somewhere onto the system:

It’s basically a real-world version of the device that Tony Stark slipped onto the command console of the SHIELD helicarrier in the first Avengers movie (it’s at the 0:44 mark):

I may have to invest in one of those bad boys. For research purposes, you understand.

We also had a guest lecturer who delivered a very thorough and informative presentation on getting started in cybersecurity. I’ll have to post notes on it later:

And at the end of the day, we were each issued our very own Raspberry Pi 4 Model B’s!

These were the Labists versions, and I have to say, I prefer their offering over Canakit’s.

Here’s what the board looks like:

It has some pretty impressive specs, especially when you consider that it retails for under $100:

  • Processor: Quad core Cortex-A72 (ARM v8) 64-bit SoC, running at 1.5GHz
  • RAM: 4 GB
  • “Hard drive”: Micro-SD card slot. This model comes with a 32 GB card
  • Networking:
    • 2.4 GHz and 5.0 GHz IEEE 802.11ac wifi
    • Bluetooth and Bluetooth LE (low energy)
    • Gigabit ethernet
  • USB ports: 2 USB 2 ports, 2 USB 3 ports
  • Video: 2 micro-HDMI ports, with support for 4Kp60 video
  • Other ports:
    • Raspberry Pi 40-pin GPIO (general purpose input/output)
    • 2-lane MIPI DSI display port
    • 2-lane MIPI CSI camera port
    • 4-pole stereo audio/composite video port

It also comes with a pretty nice case…

…a power supply with an actual on/off switch on the cord, and not one, but two micro-HDMI to full-size HDMI cables…

…heatsinks and a fan, plus a screwdriver…

…and a micro-SD card and USB adapter so that you can use your standard computer to download an OS…

I spent some time over the weekend noodling with it, and wow, is it a fun computer to play with!

We’re expected to use it for this week’s classes, which make up the “Networking 101” portion of the UC Baseline program. I’m looking forward to it!

Categories
Hardware Programming

Supplementary UC Baseline notes #1: The connection between binary and hexadecimal numbers

For the benefit of my classmates in the UC Baseline program (see this earlier post to find out what it’s about), I’m posting a regular series of notes here on Global Nerdy to supplement the class material. As our instructor Tremere said, what’s covered in the class merely scratches the surface, and we should use it as a launching point for our own independent study.

Photo: A slide showing 4 rows of 8 lightbulbs displaying different binary values. Inset in the lower right corner: UC Baseline instructor Tremere lecturing.
The “binary numbers” portion of day 1 at UC Baseline.

There was a lot of introductory material to cover on day one of the Hardware 101 portion of the program, and there’s one bit of basic but important material that I think deserves a closer look, especially for my fellow classmates who’ve never had to deal with it before: How binary and hexadecimal numbers are related.

The problem with binary (for humans, anyway)

Consider the population of Florida. According to the U.S. Census Bureau, on July 1, 2019, that number was estimated to be 21,477,737 in base 10, a.k.a. the decimal system.

Here’s the same number, expressed in base 2, a.k.a. the binary system: 1010001111011100101101001.

That’s the problem with binary numbers: Because they use only two digits, 0 and 1, they grow in length extremely quickly, which makes them hard for humans to read. Can you tell the difference between 100000000000000000000000 and 1000000000000000000000000? Be careful, because those two numbers are significantly different — one is twice the size of the other!

(Think about it: In the decimal system, you make a number ten times as large by tacking a 0 onto the end. For the exact same reason, tacking a 0 onto the end of a binary number doubles that number.)

Hexadecimal is an easier way to write binary numbers

Once again, the problem is that:

  • Binary numbers, because they use only two digits — 0 and 1 — get really long really quickly, and
  • Decimal numbers don’t convert easily to binary.

What we need is a numerical system that:

  • Can represent really big numbers with relatively few characters, and
  • Converts easily to binary.

Luckily for us, there’s a numerical system that fits this description: Hexadecimal. The root words for hexadecimal are hexa (Greek for “six”) and decimal (from Latin for “ten”), and it means base 16.

Using 4 binary digits, you can represent the numbers 0 through 15:

Decimal Binary
0 0000
1 0001
2 0010
3 0011
4 0100
5 0101
6 0110
7 0111
8 1000
9 1001
10 1010
11 1011
12 1100
13 1101
14 1110
15 1111

Hexadecimal is the answer to the question “What if we had a set of digits that represented the 16 numbers of 0 through 15?”

Let’s repeat the above table, this time with hexadecimal digits:

Decimal Binary Hexadecimal
0 0000 0
1 0001 1
2 0010 2
3 0011 3
4 0100 4
5 0101 5
6 0110 6
7 0111 7
8 1000 8
9 1001 9
10 1010 A
11 1011 B
12 1100 C
13 1101 D
14 1110 E
15 1111 F

Hexadecimal gives us easier-to-read numbers where each digit represents a group of 4 binary digits. Because of this, it’s easy to convert back and forth between binary and hexadecimal.

Since we’re creatures of base 10, we have the single characters to represent the digits 0 through 9, but no single character to represent 10, 11, 12, 13, 14, and 15, which are digits in hexadecimal. To work around this problem, hexadecimal uses the first 6 letters from the Roman alphabet: A, B, C, D, E, and F.

Let’s try representing a decimal number in binary, and then hexadecimal. Consider the number 49,833. It’s what you get when you read the two bytes of the UTF-8 encoding of ©, the copyright symbol, as a single 16-bit number. (The character’s own Unicode code point is the much smaller U+00A9; UTF-8 spreads it across two bytes, C2 and A9, when storing or sending it.) Here’s its representation in binary:

1100001010101001

That’s a hard number to read, and if you had to manually enter it, the odds are pretty good that you’d make a mistake. Let’s convert it to its hexadecimal equivalent.

We do this by first breaking that binary number into groups of 4 bits (remember, a single hexadecimal digit represents 4 bits, and “bit” is a portmanteau for “binary digit”):

1100     0010     1010     1001

Now let’s use the table above to look up the hexadecimal digit for each of those groups of 4:

1100     0010     1010     1001
  C        2        A        9

There you have it:

  • The decimal representation of the number is 49,833,
  • its binary representation is 1100001010101001,
  • in hexadecimal, it’s C2A9,
  • and when you split those four hex digits into two bytes, C2 and A9, you have the UTF-8 encoding of the copyright symbol: ©

How to indicate if you’re writing a number in decimal, binary, or hexadecimal form

Because we’re base 10 creatures, we simply write decimal numbers as-is:

49,833

To indicate that a number is in binary, we prefix it with the number zero followed by a lowercase b:

0b1100001010101001

This is a convention used in many programming languages. Try it for yourself in JavaScript:

Or if you prefer, Python:

To indicate that a number is in hexadecimal, we prefix it with the number zero followed by a lowercase x:

0xC2A9

Once again, try it for yourself in JavaScript:

Or Python:
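
Here’s the conversion procedure from the sections above (decimal to binary by repeated division, binary to hex by grouping nibbles and looking them up in the table, and back again) written out in Python, as an added example that isn’t part of the original notes. It builds the nibble table itself rather than calling int() or hex(), so the code follows the same steps you’d do on paper, and it checks the © point: the bytes C2 A9 are the UTF-8 encoding of the copyright symbol, whose Unicode code point is U+00A9.

```python
# Added example (not from the original notes): the nibble-grouping conversion
# done by hand in code rather than with int()/hex(), plus a check that the
# bytes C2 A9 are the UTF-8 encoding of ©, not its code point.
from __future__ import annotations

# The lookup table from the notes, built once: "1100" -> "C" and "C" -> "1100".
NIBBLE_TO_HEX = {format(i, "04b"): format(i, "X") for i in range(16)}
HEX_TO_NIBBLE = {v: k for k, v in NIBBLE_TO_HEX.items()}


def decimal_to_binary(value: int) -> str:
    """Repeated division by 2; the remainders, read back to front, are the bits."""
    if value < 0:
        raise ValueError("unsigned values only")
    if value == 0:
        return "0"
    bits = []
    while value:
        value, remainder = divmod(value, 2)
        bits.append(str(remainder))
    return "".join(reversed(bits))


def binary_to_hex(bits: str) -> str:
    """Left-pad to a multiple of 4, split into nibbles, look each one up."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError(f"not a binary string: {bits!r}")
    bits = bits.zfill(-(-len(bits) // 4) * 4)          # round length up to a nibble boundary
    nibbles = [bits[i:i + 4] for i in range(0, len(bits), 4)]
    return "".join(NIBBLE_TO_HEX[n] for n in nibbles)


def hex_to_binary(digits: str) -> str:
    """The reverse lookup: every hex digit expands to exactly four bits."""
    digits = digits.upper()
    if digits.startswith("0X"):                          # accept the 0x prefix convention
        digits = digits[2:]
    if not digits or set(digits) - set(HEX_TO_NIBBLE):
        raise ValueError(f"not a hex string: {digits!r}")
    return "".join(HEX_TO_NIBBLE[d] for d in digits)


def decimal_to_hex(value: int) -> str:
    """Decimal -> binary -> hex, the two-step route the notes describe."""
    return binary_to_hex(decimal_to_binary(value))


def utf8_hex(char: str) -> tuple[str, str]:
    """Return (code point as hex, UTF-8 bytes as hex) so the two aren't confused."""
    return format(ord(char), "X"), char.encode("utf-8").hex().upper()


if __name__ == "__main__":
    florida = 21_477_737                                     # the population figure from the notes
    assert decimal_to_binary(florida) == "1010001111011100101101001"
    assert decimal_to_hex(florida) == "147B969"
    assert binary_to_hex("1100001010101001") == "C2A9"
    assert hex_to_binary("0xC2A9") == "1100001010101001"
    # Python's own 0b / 0x literals agree with the hand conversion.
    assert 0b1100001010101001 == 0xC2A9 == 49_833
    # © is code point U+00A9; C2 A9 is how UTF-8 writes it on disk or on the wire.
    assert utf8_hex("©") == ("A9", "C2A9")
    print("all conversions check out")
```

The padding step matters: Florida’s population is 25 bits long, which isn’t a multiple of 4, so the leftmost group gets zero-filled to 0001 before lookup, giving 0x147B969. Forgetting that step (or padding on the right instead of the left) is the most common mistake when doing this by hand.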

Common grouping of binary numbers and hexadecimal

4 bits: A half-byte, tetrade, or nybble

A single hexadecimal digit represents 4 bits, and my favorite term for a group of 4 bits is nybble. The 4 bits that make up a nybble can represent the numbers 0 through 15.

“Nybble” is one of those computer science-y jokes that’s based on the fact that a group of 8 bits is called a byte. I’ve seen the terms half-byte and tetrade also used.

8 bits: A byte

Two hexadecimal digits represent 8 bits, and a group of 8 bits is called a byte. The 8 bits that make up a byte can represent the numbers 0 through 255, or the numbers -128 through 127.

In the era of the first general-purpose microprocessors, the data bus was 8 bits wide, and so byte was the standard unit of data. Every character in the ASCII character set can be expressed in a single byte. Each of the 4 numbers in an IPv4 address is a byte.

16 bits: A word

Four hexadecimal digits represent 16 bits, and a group of 16 bits is most often called a word. The 16 bits that make up a word can represent the numbers 0 through 65,535 (a number sometimes referred to as “64K”), or the numbers -32,768 through 32,767.

If you were computing in the late ’80s or early ’90s — the era covered by Windows 1 through 3 or Macs in the classic chassis — you were using a 16-bit machine. That meant that it stored data a word at a time.

32 bits: A double word or DWORD

Eight hexadecimal digits represent 32 bits, and a group of 32 bits is often called a double word or DWORD; I’ve also heard the unimaginative term “32-bit word”. The 32 bits that make up a double word can represent the numbers 0 through 4,294,967,295 (a number sometimes referred to as “4 gigs”), or the numbers −2,147,483,648 through 2,147,483,647.

32-bit operating systems and computers came about in the mid-1990s. Some are still in use today, although they’d now be considered older or “legacy” systems.

The IPv4 address system uses 32 bits, which means that it can represent a maximum of 4,294,967,296 internet addresses (0 through 4,294,967,295), and a good chunk of those are reserved for special purposes. That’s fewer addresses than there are people on earth, and as you might expect, we’re running out of these addresses. There are all manner of workarounds (network address translation, or NAT, is the big one), but the real solution is for everyone to switch to IPv6, which uses 128 bits, which allows for over 3 × 10^38 addresses — enough to assign 100 addresses to every atom on the surface of the earth.

64 bits: A quadruple word or QWORD

16 hexadecimal digits represent 64 bits, and a group of 64 bits is often called a quadruple word, quad word, or QWORD; I’ve also heard the unimaginative term “64-bit word”. The 64 bits that make up a quad word can represent the numbers 0 through 18,446,744,073,709,551,615 (about 18.4 quintillion), or the numbers -9,223,372,036,854,775,808 to 9,223,372,036,854,775,807 (minus 9.2 quintillion through 9.2 quintillion).

If you have a Mac and it dates from 2007 or later, it’s probably a 64-bit machine. macOS has supported 32- and 64-bit applications, but from macOS Catalina (which came out in 2019) onward, it’s 64-bit only. As for Windows-based machines, if your processor is an Intel Core 2/i3/i5/i7/i9 or AMD Athlon 64/Opteron/Sempron/Turion 64/Phenom/Athlon II/Phenom II/FX/Ryzen/Epyc, you have a 64-bit processor.
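
Each of the widths above is quoted with two ranges, an unsigned one and a signed one. They are the same bit patterns read two different ways, and the signed reading is two’s complement, where the top bit counts as −2^(bits−1) instead of +2^(bits−1). Here is that reinterpretation in Python, as an added example that isn’t part of the original notes; the width names and the helper functions are my own.

```python
# Added example (not from the original notes): the unsigned and signed ranges
# quoted for each width are the same bits read two ways. Reading 0xFFFFFFFF as
# 4,294,967,295 in one place and as -1 in another is a classic source of bugs
# (a "length" that passes a signed "is it negative?" check and then gets used
# as a huge unsigned count).
from __future__ import annotations

WIDTHS = {"nybble": 4, "byte": 8, "word": 16, "dword": 32, "qword": 64}


def unsigned_range(bits: int) -> tuple[int, int]:
    """All bits are magnitude: 0 through 2**bits - 1."""
    return 0, 2 ** bits - 1


def signed_range(bits: int) -> tuple[int, int]:
    """Two's complement: the top bit is worth -2**(bits-1), so the range is lopsided."""
    return -(2 ** (bits - 1)), 2 ** (bits - 1) - 1


def to_unsigned(value: int, bits: int) -> int:
    """Mask a Python int down to `bits` bits, i.e. what a fixed-width register keeps."""
    return value & ((1 << bits) - 1)


def to_signed(value: int, bits: int) -> int:
    """Reinterpret the low `bits` bits as two's complement."""
    value = to_unsigned(value, bits)
    sign_bit = 1 << (bits - 1)
    return value - (1 << bits) if value & sign_bit else value


def hex_both_ways(value: int, bits: int) -> str:
    """Show one hex pattern with both readings, e.g. '0xFF: unsigned 255, signed -1'."""
    u = to_unsigned(value, bits)
    return f"0x{u:0{bits // 4}X}: unsigned {u}, signed {to_signed(u, bits)}"


if __name__ == "__main__":
    for name, bits in WIDTHS.items():
        print(f"{name:>6} ({bits:2d} bits): {unsigned_range(bits)} or {signed_range(bits)}")
    print(hex_both_ways(0xFF, 8))        # 0xFF: unsigned 255, signed -1
    print(hex_both_ways(-1, 32))         # 0xFFFFFFFF: unsigned 4294967295, signed -1
    print(hex_both_ways(0x8000, 16))     # 0x8000: unsigned 32768, signed -32768
```

Note that hexadecimal doesn’t tell you which reading is intended: 0xFF is 255 or −1 depending entirely on whether the code treats the byte as signed. When you read a packet capture or a memory dump, you have to know the type, not just the digits.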

Need more explanation?

The Khan Academy has a pretty good explainer of the decimal, binary, and hexadecimal number systems:

Categories
Current Events Tampa Bay

What’s happening in the Tampa Bay tech/entrepreneur/nerd scene (Week of Monday, July 27, 2020)

Banner: Tampa Bay ONLINE tech, entrepreneur, and nerd events - Monday, July 27 - Sunday, August 2, 2020 - GlobalNerdy.com

Hello, Tampa Bay techies, entrepreneurs, and nerds! Welcome to the weekly list of online-only events for techies, entrepreneurs, and nerds based in and around the Tampa Bay area.

Keep an eye on this post; I update it when I hear about new events, so it’s always changing. Stay safe, stay connected, and #MakeItTampaBay!

Saturday: The Suncoast Developers Conference

Suncoast Developers Guild aren’t just a coding school — they’re a pillar of the Tampa Bay tech scene, and this place is all the better for their being around. Here’s one reason: they hold events like the upcoming Suncoast Developers Conference, which will happen online on Discord this Saturday, August 1, 2020.

At this free event, you’ll see Tampa Bay’s developers showcase and share their knowledge with others. They’ll cover all sorts of topics in bite-size (10 – 15 minute) presentations.

The conference will also feature some of Suncoast Developers Guild’s recent code school grads and their capstone projects. Get to know them, and if you like what you see and need more people in your organization, hire them!

I will be delivering a presentation at the conference, where I’ll talk about Ren’Py, the Python-powered visual novel authoring system that you can use to write visual novels, adventure games, turn-based role-playing videogames, and yes, dating simulation games. It’ll be your anime/programming dream mashup come true!

Once again, this conference is free-as-in-beer (and not free-as-in-mattress) and it happens Saturday, August 1st. To RSVP and find out more about the conference, visit the website at suncoast.io/conference!

This week’s events

Monday, July 27

Tuesday, July 28

Wednesday, July 29

Thursday, July 30

Friday, July 31

Saturday, August 1

Sunday, August 2

Do you have an upcoming event that you’d like to see on this list?

If you know of an upcoming event that you think should appear on this list, please let me know!

Join the mailing list!

If you’d like to get this list in your email inbox every week, enter your email address below. You’ll only be emailed once a week, and the email will contain this list, plus links to any interesting news, upcoming events, and tech articles.

Join the Tampa Bay Tech Events list and always be informed of what’s coming up in Tampa Bay!