Traveling Ruby (multi-platform portable Ruby binaries)

Traveling Ruby consists of a set of multi-platform portable Ruby binaries, which can be used to distribute Ruby-based products and run them even in machines where Ruby is not installed. It’s very useful, as you can also use it to pack multi-platform applications.

You can check the project’s home page here:

Traveling Ruby is a project which supplies self-contained, “portable” Ruby binaries: Ruby binaries that can run on any Linux distribution and any OS X machine. It also has Windows support (with some caveats). This allows Ruby app developers to bundle these binaries with their Ruby app, so that they can distribute a single package to end users, without needing end users to first install Ruby or gems.

It can run on

  • Linux x86.
  • Linux x86_64.
  • OS X
  • Windows

 

 

Video:

https://vimeo.com/phusionnl/review/113827942/ceca7e70da

 

Code Smells detectors

A Code smell is an interesting Software Engineering concept. According to Wikipedia, a Code Smell

“refers to any symptom in the source code of a program that possibly indicates a deeper problem.[1] According to Martin Fowler, “a code smell is a surface indication that usually corresponds to a deeper problem in the system“.[2] Another way to look at smells is with respect to principles and quality:[3] “smells are certain structures in the code that indicate violation of fundamental design principles and negatively impact design quality“.

Common code smells include:

  • Class-level smells
    • Large class, Feature envy, Inappropriate intimacy, Refused bequest, Lazy class/freeloader
  • Method-level smells
    • Too many parameters, Long method, Excessively long identifiers, Excessively short identifiers, Excessive return of data
    • Excessive use of literals, Cyclomatic complexity, Downcasting
    • Orphan variable or constant class
    • Data clump

Code Smells detection tools

Some free code smell detection tools (which perform static code analysis) include:

Conclusion

Most of these smells lower your code’s quality and maintainability. Be sure to include some of these detection tools on your development processes, as well as appropriate coding standards. Automatic noncompliance detection can be accomplished by adding these tools to your build process.

You can research more tools at https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

References

New e-Book: “VMware™ hypervisor fingerprinting”

Just published a new e-book at Amazon.com: “VMware™ hypervisor fingerprinting”.

You can find it here:

«In this book, we show how to determine hypervisor properties by running commands in the guest operating system, without any special privileges in the host machine running the hypervisor. This can be useful for penetration testing, information gathering, determining the best software configuration for virtualization-sensitive and virtualization-aware software. Finally, we present a reporting tool that unifies all the presented methods, by running them all in sequence and gathering the information in a useful report that can be run from any guest system.»

Writing and the Use of Trademark Words

How to use “trademark” words in your books

Colleen Anderson

Creative Commons–http://www.answerbag.com/trademarked-products

The use of trademarks is a very litigious business for those who commit infractions. You better not title your strawberry drink Coca-Cola, or call your car design the Toyota Prius or Toyota Pumpernickel. Most of this seems obvious. The maker and manufacturer own the right to that brand and no one will ride on their fame and steal their sales. It can get as contentious as the famed Disney lawyers who have actually trotted into a little flea market and told a woman to cease and desist in selling clothes made with Disney trademarked designs. The fabric was bought legally; it was the fact that she was trying to sew the cloth into clothing and sell that, that Disney objected to. Lawyers for Marvel contacted Vancouver media at one point and told them to stop calling a particular cat burglar (who climbed the side of buildings ) Spider-Man…

View original post 684 more words

Zero Net : P2P websites without central web server

ZeroNet is a very interesting distributed platform for content publishing and sharing. It has some strong properties, which are very interesting to bypass censorship and online hosting costs.

According to its proponents, it provides:

Open, free and uncensorable websites,
using Bitcoin cryptography and BitTorrent network

In this post we will see how ZeroNet can provide these properties.

Interesting features

  • Password-less BIP32 based authorization
    • Your account is protected by the same cryptography as your Bitcoin wallet.
    • You will need your private key to make changes to a given site
    • the site’s address is also BIP32-based
  • Real-time updated sites
    • visitors are notified of changes
    • and they update their browser contents if needed
  • Namecoin .bit domains support
    • for human intelligible site names
  • SQL Database support
    • runs locally
    • dedicated API for database access
  • Anonymity:
    • Full Tor network support with .onion hidden services instead of ipv4 addresses
  • TLS encrypted connections.
  • Automatic, uPnP port opening.
    • can be interesting for visitors using TCP/IP connections
  • Works with any browser/OS.

How does it work ?

According to its proponents, when you vist a ZeroNet site, this is what happens:

ad-hoc-and-p2p_1014841493414094001

ad-hoc-and-p2p_7615479204197627471

Digging a little bit deeper into detail, we find the following architecture:

screen-shot-02-05-17-at-06-51-pm-001

  1. Create a new site: a BIP-32 address and its respective public and private keys are created
  2. A BitTorrent compatible “.torrent” is created for announcing purposes
  3. The BIP-32 address is announced in the BitTorrent network trackers
  4. The BIP-32 address can be shared with the public
  5. A new visitor asks the BitTorrent trackers for other visitors serving the BIP-32 address
  6. The new visitor connects to the first ZeroNet server (using TCP/IP or TOR) and asks for “content.json“.
  7. After validating the “content.json” contents, it asks for the remaining site contents and validates its signature. It stores all the site’s contents locally
  8. The new visitor announces that it is also serving the site

Site Name

ZeroNet uses a BIP-32 address for the site name. This address can be concatenated to the local ZeroNet server.

For example:

Domain names

Namecoin .bit domains are supported: these addresses can be concatenated to the local ZeroNet server.

  • Example:
  • Other examples:

    screen-shot-11-02-16-at-12-16-pm

  • https://namecoin.org/
    • «Namecoin was the first fork of Bitcoin and still is one of the most innovative “altcoins”. It was first to implement merged mining and a decentralized DNS. Namecoin was also the first solution to Zooko’s Triangle, the long-standing problem of producing a naming system that is simultaneously secure, decentralized, and human-meaningful.»
    • «Namecoin is an experimental open-source technology which improves decentralization, security, censorship resistance, privacy, and speed of certain components of the Internet infrastructure such as DNS and identities.»

Other Benefits

Some additional benefits include:

  • Transparent sites: all the site code for all ZeroNet sites is available and can be audited if needed
  • One click cloning
    • it is very easy to clone an existing site and modify it
  • No back-end code
    • everything runs locally, there is no central server
      • even the database runs locally
    • this means the code runs very fast
    • and that there is no single point of failure or censorship
    • API for local database access
    • offline access is naturally supported
  • Instant CDN (Content Delivery Network)
    • the system behaves naturally as a CDN because it naturally produces multiple site copies (one for each visitor)
  • It is able to run on non-internet networks
    • Mesh-networks, Bluetooth, WiFi-direct, for example
  • Zero discrimination
    • everyone can build a site for a zero cost infrastructure
  • Zero trust
    • it is impossible to modify a site without the original private key (for the BIP32 address)
    • NOTE that it is not impossible to make a copy of the site, it’s just impossible to change a site at a given address without the private key

Other Features and limitations

  • No torrent-like file splitting for big file support
  • Support for anonymous communication (built-in full Tor support added)
  • File transactions are not compressed
  • Encrypted communication (TLS encryption added)
  • No private sites
  • Local ZeroNet service uses 15441 TCP/IP port (or a TOR hidden service) for inbound connections from other visitors

Demo

Step 0 – Install ZeroNet

  • Decompress the package and run the script:
    • ZeroNet.cmd (win),
    • ZeroNet(.app) (osx),
    • ZeroNet.sh (linux)
root@osboxes:~/Downloads# cd ZeroBundle/
root@osboxes:~/Downloads/ZeroBundle# ls -l
lib  
LICENSE.txt  
Python  
ssl  
ZeroNet.sh
root@osboxes:~/Downloads/ZeroBundle# ./ZeroNet.sh 
Downloading https://github.com/HelloZeroNet/ZeroNet/archive/master.zip to ZeroNet directory.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloaded.
Extracting... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Done.
Starting ZeroNet/"start.py"...
- Starting ZeroNet...
[15:24:11] - OpenSSL loaded, version: 01000207F
[15:24:12] - Version: 0.4.1 r1536, Python 2.7.11 |Continuum Analytics, Inc.| (default, Dec  6 2015, 18:08:32) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-1)], Gevent: 1.0.2
[
15:24:12] - Creating FileServer....
[15:24:12] TorManager Tor controller connect error: AssertionError: Tor version >=0.2.7.5 required, found: 0.2.2.35 in TorManager.py line 159
[15:24:12] - Creating UiServer....
[15:24:12] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[15:24:12] - Removing old SSL certs...
[15:24:12] - Starting servers....
[15:24:12] Ui.UiServer --------------------------------------
[15:24:12] Ui.UiServer Web interface: http://127.0.0.1:43110/
[15:24:12] Ui.UiServer --------------------------------------
[15:24:12] - Opening browser: default_browser...
[15:24:12] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[15:24:16] FileServer Checking port 15441 using portchecker.co...
[15:24:21] FileServer [BAD :(] Port closed: Port 15441 is closed.
[15:24:21] FileServer Trying to open port using UpnpPunch...
[15:24:34] Site:1HeLLo..Tf3D Content.json not exist: data/1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D/content.json
[15:24:36] FileServer UpnpPunch run error: UpnpError: Failed to communicate with igd using port 15441 on local machine after 3 tries. in FileServer.py line 73 > UpnpPunch.py line 319 > UpnpPunch.py line 310


screen-shot-11-02-16-at-12-11-pm

screen-shot-11-02-16-at-12-12-pm

Step 1 – Create a new site

You can create an empty site through the command-line, as follows:

# zeronet.cmd siteCreate

- Starting ZeroNet...
 - OpenSSL loaded, version: 01000201F
 - Version: 0.4.1 r1536, Python 2.7.12 (v2.7.12:d33e0cf91556, Jun 27 2016, 15:19:
 22) [MSC v.1500 32 bit (Intel)], Gevent: 1.1.2
 - Generating new privatekey...
 - ----------------------------------------------------------------------
 - Site private key: 5KfnCgnyqNZWrRJ8tWeg1c5jaXXXXXXXXXXXXXXXXX
 -                   !!! ^ Save it now, required to modify the site ^ !!!
 - Site address:     1KVaAeeVhhW43FsYPWiEK7FSTuXXXXXXXX
 - ----------------------------------------------------------------------
 ? Have you secured your private key? (yes, no) >

Alternatively, you can clone an existing site (much easier option to start with).

Step 2 – View the new site contents

  • In a browser, we can access the new site with the following URL:
  • http://127.0.0.1:43110/1KVaAeeVhhW43FsYPWiEK7FSTuXXXXXXXX
  • Note that the URL to access a ZeroNet site is composed of the local service URL concatenated with site’s BIP-32 address

screen-shot-11-02-16-at-12-10-pm

Step 3 – Update the new site contents

ZeroNet provides some site templates which you can use to quickly add your content.

For example, the Blog and Talk templates allow the content files to be changed through the web interface without any coding. You can clone the ZeroBlog site to create a new blog.

screen-shot-11-02-16-at-01-24-pm

screen-shot-11-02-16-at-03-41-pm

Accessing the new site from another host:

screen-shot-11-02-16-at-04-01-pm

If you want to update your site files manually, you will have to perform some more steps from the command-line:

  • Update the site files located in data/[your site address key] 
    (eg:1KVaAeeVhhW43FsYPWiEK7FSTuXXXXXXXX).
  • When your site is ready run:
$ zeronet.py siteSign 1KVaAeeVhhW43FsYPWiEK7FSTuXXXXXXXX 
- Signing site: 1KVaAeeVhhW43FsYPWiEK7FSTuXXXXXXXX
... Private key (input hidden): 
<enter your private key>

  • in order to inform peers about the changes you made you need to run:
$ zeronet.py sitePublish 1KVaAeeVhhW43FsYPWiEK7FSTuXXXXXXXX
... Site:13DNDk..bhC2 Publishing to 3/10 peers... 
Site:13DNDk..bhC2 Successfuly published to 3 peers 
- Serving files.... 

Stats

You can check your local service’s stats using the following URL:

rev1536 | 88.210.64.173 | Opened: False | Crypt: ['tls-rsa'] | In: 7.23MB, Out: 0.20MB | Peerid: -ZN0041-sbW9XT0WjF9k |
Connections (4, total made: 109):
id proto type ip open crypt ping buff bad idle open delay out in last sent waiting version sites
86 v2 out 112.115.5.254:15441 True ECDHE-RSA-AES128-GCM-SHA256 0.515 0 0 716 6149 0.000 2kB 1kB listModified [] 0.4.1 r1536 3
88 v2 out 78.213.146.86:15441 True AES128-GCM-SHA256 0.140 0 0 716 6130 0.000 2kB 1kB pex [] 0.3.6 r915 3
94 v2 out 78.135.51.152:15441 True ECDHE-RSA-AES128-GCM-SHA256 0.374 0 0 716 6105 0.000 1kB 0kB listModified [] 0.4.1 r1536 2
96 v2 out 179.8.205.91:15441 True ECDHE-RSA-AES128-GCM-SHA256 0.359 0 0 613 6103 0.000 0kB 0kB listModified [] 0.4.1 r1536 2

Tor hidden services (status: OK (7 onion running)):
- 1KVaAeeVhhW43FsYPWiEK7FSTuHdGnbeoX: hyvex7lfikk277kq
- global : bkgn22ygvetxb3ze
- 1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8: 2mtnv2xrii6rrym4
- 131a4VbWAo21oeLffGfty9DVy4SnnPHCND: xzykj3o5yi6vd2xc
- 1Q9xoVam2Kx4Y5r76QkPDCLVMq9t4jRqZc: bol2gf6sil5jbf3n
- 1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F: 6j2u2jiecp3l2d3b
- 1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D: ifnzspvmmwuori33

Db:
- 128.979s: data/content.db
- 127.196s: data/1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8/data/zeroblog.db
- 128.952s: data/1Q9xoVam2Kx4Y5r76QkPDCLVMq9t4jRqZc/data/zeroblog.db

Sites:
address connected peers content.json out in
131a4VbWAo21oeLffGfty9DVy4SnnPHCND [] 0/0/0 0 (loaded: 0) 0kB 0kB
1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8 [88, 86] 2/2/376 465 (loaded: 52) 0kB 3458kB
1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D [94, 96, 86, 88] 4/4/630 1 (loaded: 1) 0kB 807kB
1KVaAeeVhhW43FsYPWiEK7FSTuHdGnbeoX [] 0/0/0 1 (loaded: 1) 0kB 0kB
1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F [94, 96, 86, 88] 4/4/647 1 (loaded: 1) 0kB 818kB
1Q9xoVam2Kx4Y5r76QkPDCLVMq9t4jRqZc [] 0/0/0 3 (loaded: 3) 0kB 0kB

Final Remarks

ZeroNet is a promising technology for the Zero Marginal Cost Society, as it enables democratic access to publishing resources for creative commons sharing, without having to use any private enterprise infrastructure site to host your site content.

This means that ZeroNet is a very interesting technology  if you are worried that your site could be censored by any public authority or private entity, or if you would simple like to use it freely, as it does not imply any fee or payment to external entities.

References

BitTorrent: some torrent examples with comments

In this post I present some test “.torrent” files and Magnet URIs which can be used to quickly grasp their formats and uses.

You can click on each link and check how it behaves. It is useful to have a BitTorrent client installed on your system.

Public Torrent example

This one is a public torrent with an associated web seed and a web site.

  • .torrent file
  • Magnet URI
    • DJ Estaline – Bush-Texas.mp3.torrent.magnet
      • (WordPress is not interpreting correctly the Magnet URI, please copy and paste the link contents bellow)
    • link contents
      • magnet:?xt=urn:btih:869A111BBCA35743C021872DEBA3067E4432BABB&dn=DJ%20Estaline%20-%20Bush-Texas.mp3&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce&ws=http%3a%2f%2fdjestaline.wikidot.com%2flocal–files%2fficheiros%2fDJ%2520Estaline%2520-%2520Bush-Texas.mp3

“.torrent” file contents (slightly converted to a more human readable form)

(from the “bencoded” source)

d
8:announce
42:udp://tracker.opentrackr.org:1337/announce
7:comment
8:Politics
10:created by
14:uTorrent/3.4.8
13:creation date
i1476989190e
8:encoding
5:UTF-8
4:info
d
6:
length
i6320796e
4:name
28:DJ Estaline - Bush-Texas.mp
312:piece length
i16384e
6:pieces
7720: ... [binary contents, SHA hash for each torrent piece]
8:url-list
l
87:http://djestaline.wikidot.com/local--files/ficheiros/DJ%20Estaline%20-%20Bush-Texas.mp3
e
7:website
29:http://djestaline.wikidot.com
e

Trackers tab

As we can see in the following screenshot, all public tracking option become active, for public torrents.

screen-shot-11-01-16-at-02-16-pm
Private Torrent example

This one is a private torrent (with no associated web seed and with no web site).

“.torrent” file contents (slightly converted to a more human readable form)

(from the “bencoded” source)

d
8:announce
26:udp://192.168.43.188:20111
7:comment
6:Ethics
10:created by
14:uTorrent/3.4.8
13:creation date
i1476985115e
8:encoding
5:UTF-8
4:info
d6:length 
i732620e
4:name
36:Ethics by Benedictus de Spinoza.mobi
12:piece length
i16384e
6:pieces
900: ... [binary contents, SHA hash for each torrent piece]
7:private

Trackers tab

As we can see in the following screenshot, only a private tracker is active, for private torrents. DHT, Local Peer Discovery and Peer Exchange become disabled.

screen-shot-11-01-16-at-02-16-pm-001

References

  1. BitTorrent Architecture Overview
  2. BitTorrent Protocols Analysis
  3. The BitTorrent Protocol Specification –  http://www.bittorrent.org/beps/bep_0003.html
  4. http://stackoverflow.com/questions/3844502/how-do-bittorrent-magnet-links-work
  5. https://en.wikipedia.org/wiki/Magnet_URI_scheme
  6. Extension for Peers to Send Metadata Files – http://www.bittorrent.org/beps/bep_0009.html