Docker is a very popular tool in the world of enterprise software development. However, it can be difficult to understand what it’s really for. Here we will take a brief look at why software engineers, and everyday users, choose Docker to quickly and efficiently manage their computer software.
You’ve probably heard of Bitcoin. Maybe you’ve even heard of other cryptocurrencies, like Ethereum. Maybe you’ve heard that these cryptocurrencies are mined, but maybe you don’t understand how exactly a digital coin could be mined. We’re going to discuss what cryptocurrency miners do and why they do it. We will be discussing the Bitcoin blockchain in particular, but keep in mind that Bitcoin has grown several orders of magnitude greater in the 9-10 years it’s been around. Though other cryptocurrencies change some things up a bit, the same general concepts apply to most blockchain-based cryptocurrencies.
Bitcoin is the first and the most well-known cryptocurrency. Bitcoin came about in 2009 after someone (or someones, nobody really knows) nicknamed Satoshi Nakamoto released a whitepaper describing a concept for a decentralized peer-to-peer digital currency based on a distributed ledger called a blockchain, and created by cryptographic computing. Okay, those are a lot of fancy words, and if you’ve ever asked someone what Bitcoin is then they’ve probably thrown the same word soup at you without much explanation, so let’s break it down a bit:
Decentralized means that the system works without a main central server, such as a bank. Think of a farmer’s market versus a supermarket; a supermarket is a centralized produce vendor whereas a farmer’s market is a decentralized produce vendor.
Peer-to-peer means that the system works by each user communicating directly with other user. It’s like talking to someone face-to-face instead of messaging them through a middleman like Facebook. If you’ve ever used BitTorrent (to download Linux distributions and public-domain copies of the U.S. Constitution, of course), you’ve been a peer on a peer-to-peer BitTorrent network.
Blockchain is a hot topic right now, but it’s one of the harder concepts to describe. A blockchain performs the job of a ledger at a bank, keeping track of what transactions occurred. What makes blockchain a big deal is that it’s decentralized, meaning that you don’t have to trust a central authority with the list of transactions. Blockchains were first described in Nakamoto’s Bitcoin whitepaper, but Bitcoin itself is not equivalent to blockchain. Bitcoin uses a blockchain. A blockchain is made up of a chain of blocks. Each block contains a set of transactions, and the hash of the previous block, thus chaining them together.
Hashing is the one-way (irreversible) process of converting any input into a string of bits. Hashing is useful in computer science and cryptography because it’s really easy to get the hash of something, but it’s almost impossible to find out what input originally made a particular hash. Any input will always have the same output, but any little difference will make a completely different hash. For example, in the hashing algorithm that Bitcoin uses called SHA-256, “UMass” will always be:
D79DCC44F746FB74C71CE93CAA65A527AD0A743E7E57F5D5E5A7F21337D742F9
but “UMasss” will be completely different:
3EA2E03CE0286302451E2EAB2ABFEC310A6A164B4F27634FED4E81744A50D4E4
In this 64-character string, each character represents 4 bits. This hash can also be represented as 256 binary bits:
1101011110011101110011000100010011110111010001101111101101110100110001110001110011101001001111001010101001100101101001010010011110101101000010100111010000111110011111100101011111110101110101011110010110100111111100100001001100110111110101110100001011111001
Those are the general details that you need to know to understand cryptocurrency. Miners are just one kind of participant in cryptocurrency.
Anybody with a Bitcoin wallet address can participate in the blockchain, but not everybody who participates has to mine. Miners are the ones with the big, beefy computers that run the blockchain network. Miners run a mining program on their computer. The program connects to other miners on the network and constantly requests the current state of the blockchain. The miners all race against each other to make a new block to add to the blockchain. When a miner successfully makes a new block, they broadcast it to the other miners in the network. The winning miner gets a reward of 12.5 BTC for successfully adding to the blockchain, and the miners begin the race again.
Miners can’t just add blocks to the blockchain whenever they want. This is where the difficulty of cryptocurrency mining comes from. Miners construct candidate blocks and hash them. They compare that hash against a target.
Now get ready for a little bit of math: Remember those 256-bit hashes we talked about? They’re a big deal because there are 2^256 possible hashes (that’s a LOT!), ranging from all 0’s to all 1’s. The Bitcoin network has a difficulty value that changes over time to make finding a valid block easier or harder. Every time a miner hashes a candidate block, they look at the binary value of the hash, and in particular, how many 0s the hash starts with. When a candidate block fails to meet the target, as they often do, the miner program tries to construct a different block. If the number of 0’s at the start of the hash is at least the target amount specified by the difficulty, then the block is valid!
Remember that changing the block in any way makes a completely different hash, so a block with a hash one 0 short of the target isn’t any closer to being valid than another block with a hash a hundred 0’s short of the target. The unpredictability of hashes makes mining similar to a lottery. Every candidate block has as good of a chance of having a valid hash as any other block. However, if you have more computer power, you have better odds of finding a valid block. In one 10 minute period, a supercomputer will be able to hash more blocks than a laptop. This is similar to a lottery; any lottery ticket has the same odds of winning as another ticket, but having more tickets increases your odds of winning.
You probably won’t be able to productively mine Bitcoin alone. It’s like buying 1 lottery ticket when other people are buying millions. Nowadays, most Bitcoin miners pool their mining power together into mining pools. They mine Bitcoin together to increase the chances that one of them finds the next block, and if one of the miners gets the 12.5 BTC reward, they split their earnings with the rest of the pool pro-rata: based on the computing power (number of lottery tickets) contributed.
The U.S. dollar used to be tied to the supply of gold. A U.S. dollar bill was essentially an I.O.U. from the U.S. Federal Reserve for some amount of gold, and you could exchange paper currency for gold at any time. The gold standard was valuable because gold is rare and you have to mine for it in a quarry. Instead of laboring by digging in the quarries, Bitcoin miners labor by calculating hashes. Nobody can make fraudulent gold out of thin air. Bitcoin employs the same rules, but instead of making the scarce resource gold, they made it computer power. It’s possible for a Bitcoin miner to get improbably lucky and find 8 valid blocks in one day and earn 100 BTC, just like it’s possible but improbable to find a massive golden boulder while mining underground one day. These things are effectively impossible, but it is actually impossible for someone to fake a block on the blockchain (The hash would be invalid!) or to fake a golden nugget. (You can chemically detect fool’s gold!)
Other cryptocurrencies work in different ways. Some use different hashing algorithms. For example, Zcash is based on a mining algorithm called Equihash that is designed to be best mined by the kinds of graphics cards found in gaming computers. Some blockchains aren’t mined at all. Ripple is a coin whose cryptocurrency “token” XRP is mostly controlled by the company itself. All possible XRP tokens already exist and new ones cannot be “minted” into existence, unlike the 12.5 BTC mining reward in Bitcoin, and most XRP tokens are still owned by the Ripple company. Some coins, such as NEO, are not even made valuable by scarcity of mining power at all. Instead of using “proof of work” like Bitcoin, they use “proof of stake” to validate ownership. You get paid for simply having some NEO, and the more you have, the more you get!
Blockchains and cryptocurrencies are have become popular buzzwords in the ever-connected worlds of computer science and finance. Blockchain is a creative new application of cryptography, computer networking, and processing power. It’s so new that people are still figuring out what else blockchains can be applied to. Digital currency seems to be the current trend, but blockchains could one day revolutionize health care record-keeping or digital elections. Research into blockchain technology has highlighted many weaknesses in the concept; papers have been published on doublespend attacks, selfish mining attacks, eclipse attacks, Sybil attacks, etc. Yet the technology still has great potential. Cryptocurrency mining has already brought up concerns over environmental impact (mining uses a lot of electricity!) and hardware costs (graphics card prices have increased dramatically!), but mining is nevertheless an engaging, fun and potentially profitable way to get involved in the newest technology to change the world.
The last time we talked about Android Studio, we learned about the layout of an Android app, and how different parts of the app are organized. You can find our previous discussion of Android Studio here. Now that we are familiar with using Android Studio and navigating around the guts of an Android app, let’s get started with making our first app.
You may have recently noticed a new headline on the IT Newsreel you see when logging into a UMass service. The headline reads “Campus Wireless Infrastructure Patched Against New Cybersecurity Threat (Krack Attack)“. It’s good to know that UMass security actively protects us from threats like Krack, but what is it?
The KRACK exploit is a key reinstallation attack against the WPA2 protocol. That’s a lot of jargon in one sentence, so let’s break it down a little. WPA2 stands for Wi-Fi Protected Access Version 2. It is a security protocol that is used by all sorts of wireless devices in order to securely connect to a Wi-Fi network. There are other Wi-Fi security protocols, such as WPA and WEP, but WPA2 is the most common.
WPA2 is used to secure wireless connections between the client, such as your smartphone or laptop, and the router/access point that transmits the network. If you have a Wi-Fi network at home, then you have a router somewhere that transmits the signal. It’s a small box that connects to a modem – another small black box – which might connect to a large terminal somewhere in your house called the ONT, and which eventually leads to the telephone poles and wiring outside in your neighborhood. Secure connections have to be implemented at every level of your connection, which can range from the physical cables that are maintained by your internet service provider, all the way to the web browser running on your computer.
In order to create a secure connection between the router and the client, the two devices have to encrypt the data that they send to each other. In order to encrypt and decrypt the data they exchange, the two devices have to exchange keys when they connect. The two devices then use these keys to encrypt the messages that they send to each other, so that in transit they appear like gibberish, and only the two devices themselves know how to decipher it; they use these same keys for the duration of their communications.
WPA2 is just a protocol, meaning that is a series of rules and guidelines that a system must adhere to in order to support the protocol. WPA2 must be implemented in the software of a wireless device in order to be used. Most modern wireless devices support the WPA2 protocol. If you have a device that can connect to eduroam, the wireless network on the UMass Amherst campus, then that device supports WPA2.
This KRACK exploit is a vulnerability in the WPA2 protocol that was discovered by two Belgian researchers. They were able to get WPA2-supporting devices to send the same encrypted information over and over again and crack the key by deciphering known encrypted text content. They were able to get WPA2-supporting Android and Linux devices to reset their WPA2 keys to all zeroes, which made it even easier to crack encrypted content.
The real concern is that this is a vulnerability in the WPA2 protocol itself, not just any one implementation of it. Any software’s implementation of WPA2 that is correct is vulnerable to this exploit (newsflash – most are). That means essentially all wireless-enabled devices need to be updated to patch this vulnerability. This can be especially cumbersome because many internet-of-things devices (think of security webcams, web-connected smart home tools like garage doors) are rarely ever updated, if at all. Their software is assumed to just work without needing regular maintenance. All of those devices are vulnerable to attack. This WIRED article addresses the long-term impact that the KRACK exploit may have on the world.
The good news is that many software implementation patches are already available for your most critical devices. UMass Amherst has already updated all of our wireless access points with a patch to protect against the KRACK exploit. Also, with the exception of Android & Linux devices which are vulnerable to key resets, it is not very easy to exploit this vulnerability on most networks. One would need to generally know what they are looking for in order to crack the encryption key, but an attacker may be able to narrow down possibilities with social cues, such as if they see you at Starbucks shopping for shoes on Amazon.
The general takeaway is that you should update all of your wireless devices as soon as possible. If you are interested in learning more about KRACK, how it works on a technical level, and see a demonstration of an attack, check out the researchers’ website.
You may have heard someone say that they use a VPN to protect themselves on the internet. What is a VPN? What does it do? How can you use it to protect yourself?
VPN stands for virtual private network. They are essentially simulations of connections (hence the ‘virtual’ part) to a certain private networks (networks that one can’t normally connect to from outside or over the internet). They allow users to connect to a local private (e.g. corporate) network remotely from, say, their home, or a coffee shop. A VPN allows its users to interact with the local network as if they were normally connected to it. For example, say a developer at a tech startup wanted to work on her project at her local Starbucks instead of commuting into the office, but to protect their intellectual property the startup doesn’t allow anyone to look at their code without being connected to their local onsite network (sometimes referred to as an intranet). However, the developers at the startup aren’t big fans of the cubicle life, and like to roam around and do their work at the library with a book, or at home with their dogs. Fortunately, the startup has a VPN set up so that the developers can log into the intranet and look at their projects remotely. The computer appears as if it actually is physically located in the office and has almost all of the access that it would have if it was literally in the office.
But how does the VPN make sure that only the right people have access to the network? This is where the magic of the VPN is. When you log into your VPN client with your username and password and the server authenticates you, your computer creates a point-to-point encrypted tunnel between you and the VPN server — think of it as a really long tube that runs between your computer and the server in the office that nobody in between can look inside of. That means if you’re sitting at Starbucks and your company uses Comcast as its internet service provider, nobody in your Starbucks can peek into your Wi-Fi signal (this is referred to as a man-in-the-middle attack), and Comcast can’t snoop into what’s in the data that your company is sending to you before it delivers it to you.
Having a reliable, trustworthy connection to a server over the internet can be a very valuable tool. In a world of big data, hacking, online banking, password leaks, and government surveillance, being able to communicate with anyone securely is very important.
In addition to providing secure connections to remote servers, VPNs provide another incredibly useful ability as a sort of side effect — a VPN can act as a sort of ‘online mask,’ so that you can browse around a website without the website knowing exactly who you are. Generally speaking, your identity to the World Wide Web is your IP address, which can be used to determine your location down to the city/town. When you access a website, you send your IP address to the website’s server (so that the website knows who to send information back to), and your internet service provider (e.g. Comcast) knows that you are communicating with this website (if your connection is unencrypted, Comcast can also see the content of your communications with the website). When you access this website through a VPN server, your request first goes through the encrypted tunnel to the VPN server, and the VPN server then bounces the request along to the website itself (over an unencrypted connection). When the website responds to the VPN server, the server bounces the response back to you over your encrypted tunnel. The website believes that they are just communicating with the VPN server, without any clue that their response is being passed on to anyone else. Comcast may be able to read the communications between the website and the VPN server, but they have no way of knowing that the communication is connected to you.
There are other ways to hide your identity on the internet. You can use a proxy, which appears similar to a VPN on the surface. You can connect to a website through a proxy to hide your IP address from the website, so the proxy also acts like a man-in-the-middle like a VPN does. The difference is that your computer’s connection to the proxy is not encrypted, so from a large enough scope, your communication with the website could be traced back to you. If an internet service provider such as Comcast happened to service both the connection from you to the proxy server, AND from the proxy server to the website, they could piece together that it was you who connected to the website over the proxy, and since the communications aren’t encrypted, they could also see exactly what you were communicating about with the website over the proxy. Proxies also don’t mask your IP address over the entire computer — you have to configure each application individually to send all of it’s internet-based protocols through a proxy server. VPNs are OS-wide, meaning that it protects your entire computer no matter what internet-based protocol is being sent out.
Thanks to the ability to provide anonymity over the internet, some companies have emerged that make a business out of providing access to their VPN servers. Their business model is that, for a fee, you can connect to their VPN servers to use as an ‘online mask’ however you like, and whatever you do won’t be traced back to you. The catch is whether a particular company is trustworthy or not — some VPN service providers log your activity and give it to authority or sell it to the highest bidder, essentially nullifying the anonymity that a VPN provides. You should always be skeptical and selective when choosing a VPN service provider; and remember, you get what you pay for. There are many free VPN service providers out there that allow you to use their servers for free up to a certain bandwidth; as a general rule of thumb, whether it be regarding free VPN service providers or free social networks, as long as someone is making a profit, if you’re not paying for the product, YOU are the product!
In conclusion, there are many ways to protect yourself over the internet, and selecting the best tool for your needs is the way to go. If you’re abroad and you want to watch a show on Netflix but it’s not available in the country you’re in, you can use a proxy to connect to a US server and stream it over your proxy connection, since encryption isn’t mandatory for this case. If you’re at Dunkin’ Donuts and you’re working on a top-secret project for your startup and you don’t want any tech-savvy thieves stealing your code over your free Wi-Fi connection, you can use a VPN to encrypt your connection between you and your company server. If you want to check your bank account online, but the bank doesn’t have good online business practices and don’t encrypt their web communications by default, you may want to use a VPN when logging into your bank’s website to make sure that nobody successfully fishes for your username and password. And if you’re working on an absolutely, positively, unconditionally classified, top-secret, sensitive, need-to-know-basis document, but you really, really, really want to get a frappuchino, perhaps you should consider getting yourself one of those sweatshirts with the oversized privacy hoods that you can wrap around your computer display, as seen above.
Last time we covered the basics of Google’s official IDE for Android app development: Android Studio. You can find that article here. Now we will learn about how an Android app is structured and organized, what files interact with each other, and what they do.
Android is a great platform for a beginner developer to make his or her first smartphone app on. Android apps are written in Java, and the graphics are generally written in XML. Android apps are developed in many well-known IDEs (integrated development environments – programs that typically package together a code editor, compiler, debugger, interpreter, build system, version control system, and deployment system, as well as other tools) such as Eclipse, IntelliJ IDEA, and Android Studio. In this article we will cover the basics of Android Studio.
Virtual reality has long been a dream of gamers everywhere. The next level of immersion into a fictional world will bring players themselves into the game, instead of simply showing it on a screen. The idea of being ‘plugged in’ to a different reality has been used in fictional films like The Matrix and TV shows like Fringe, but that’s all these realities have been – fiction.
Until now.
For the past few years, virtual reality projects have been popping up and growing in complexity and immersion. There are a few different ideas about how it should be done; here we will take a look at some of the most well-known virtual reality projects.
One of the first major virtual reality projects, the Oculus Rift is arguably the most recognizable name in the industry so far. Originally announced in August 2012, the Oculus Rift started as a Kickstarter campaign that raised $2.4 million. In June 2015, Facebook bought the Oculus VR company for $2 billion. Oculus Rift devices have been seen at numerous gaming and technology expos, such as PAX, E3 and SXSW, as development kit platforms for many indie games. The Oculus Rift Development Kit has went through 2 iterations and has been used for development for the past 3 years.
The Oculus Rift boasts a 1080×1200 resolution per eye, a 90Hz refresh rate, and a 100 degree field of vision.The consumer edition of the device is approaching its release in Q1 2016.
Initially, it was little more than a virtual reality development kit exclusive to developers and game studios. The company had been distributing Development Kits since its Kickstarter campaign. Today, the Oculus Rift is preparing for its consumer launch, and some preorders have already been shipped.
The Oculus Rift is generally considered the most premium of current VR projects. The manufacturing process for the Rift involves hundreds of custom parts and tracking sensors. The project has been praised for being one of the most sleek and seamless VR devices, and is also notable in its progress in one of the biggest challenges in the VR industry today: VR interaction.
We are a long way away from virtual reality experiences that would allow the user to naturally move in or touch something in the environment. Many other projects either leave the user stationary and only able to look around; some, including the Oculus Rift, allow users to move using a gamepad. Oculus, however, has also made progress of their own in VR interaction. The Oculus Touch is a pair of ergonomic controllers featuring buttons, joysticks, and triggers that also track hand movement. The Oculus Touch compliments the Oculus Rift and is currently available for developers.
The Oculus Rift will need to be run by a very powerful computer, since it is so graphically intensive. Their website recommends a machine with:
Dell, Alienware, and ASUS have already announced lines of Oculus-ready high performance PC towers, starting at around $950-$1000.
The Oculus Rift Consumer Edition is scheduled to hit the market in Q1 2016. It will cost $350, and include removable headphones (allowing the user to use their own headphones), an Xbox One for Windows controller, the Oculus Touch controller, and an LED camera stand used to track head movement.
Originally announced in September 2014, the Samsung Gear VR was developed by Samsung in collaboration with Oculus. The device itself is not a complete virtual reality experience; the most recent revision needs a Samsung Galaxy S6, S6 Edge, or Note 5 to be plugged into it by Micro USB to act as the display and processor. The headset itself contains only the field of view lenses and an accelerometer (the phone’s built-in accelerometer is not very powerful and does not provide adequately accurate tracking capability to provide a premium VR experience).
The Samsung Gear VR is currently one of the most popular consumer-grade virtual reality headsets because of its low price; the headset itself only costs $100. The phone, of course, is separate, but many Gear VR users already use an S6 device as their personal smartphone.
The Gear VR features a small trackpad and button on the right side of the headset, allowing for limited VR interaction capability.
However, you do get what you pay for. The display’s immersion is only as good as the device powering it, which is usually 60Hz or less, and there are no built-in headphones; you have to plug them into the phone and deal with the headphone wire. Graphics are usually prerendered and not as detailed as tethered VR devices that rely on a PC tower for active rendering.
Google Cardboard is the cheapest of the consumer-level options for virtual reality.
It is essentially a build-it-yourself Gear VR. Like the Gear VR, it is powered entirely by the smartphone, but unlike the VR, it relies the phone’s built-in accelerometer, and there is no headstrap so you have to hold the device up to your eyes while using it. The headset itself is, as the name implies, nothing but a folded cardboard container with a pair of convex lenses inside.
Google Cardboard is easy to make at home, and its website gives instructions on how to find the parts necessary and put them together. There are many manufacturer variations on Google Cardboard that are built in different ways and available for purchase and assembly.
The headset fits any phone up to 6″ and Cardboard apps are available for iOS, Android, and Windows Phone.
The HTC Vive, announced in March 2015, is a virtual reality headset being developed in partnership between HTC and Valve. The device is part of Valve’s larger effort to expand the Steam platform into more areas – including other projects such as the Steam Controller, Steam Link, Steam Machines, and SteamOS, all part of the Steam Universe.
The headset is tethered to a base known as the Lighthouse, but it is still meant to be moved around in. The device contains more than 70 sensors including a MEMS gyroscope, accelerometer and laser position sensors. The headset comes with two Lighthouse towers that emit lasers to map out the room in accordance with the headset’s front cameras. The cameras also track static and moving objects in front of the user, allowing the device to warn the user of hitting an obstacle, like a wall.
Valve has released SteamVR APIs to everyone under the label OpenVR, allowing developers to create virtual reality environments with or without the use of Steam.
The Vive Developer Edition is available now for free for certain developers, and it comes with SteamVR Controllers, a pair of one-handed controllers similar to the Oculus Touch, but based off of the concave trackpads of the Steam Controller. No word yet on a Consumer Edition.
Microsoft’s HoloLens platform is a little different from the other virtual reality headsets we’ve seen; it’s more like Google Glass than the Oculus Rift. Instead of showing you a completely different world, the HoloLens captures the setting around you and superimposes ‘holograms,’ in a sort of ‘mixed reality.’ You still see what’s in front of you, but you can see and interact with non-real figures as if it’s all right in front of you.
[youtube width=”640″ height=”360″]https://www.youtube.com/watch?v=aThCr0PsyuA[/youtube]
Users can interact with the holograms through eye movements, voice commands, and hand gestures. The device uses an array of video cameras and microphones, an inertial measurement unit (IMU), an accelerometer, a gyroscope, and a magnetometer. A ‘light engine’ sits atop the lenses and projects light into a diffractive element that then reflects into the user’s eyes, creating the illusion of holograms.
The most impressive part of the HoloLens is its integration. The device needs no wires nor external processing power. It is completely untethered, allowing the user to move freely through their environment. The headset houses the battery and all of the processor systems inside. It contains a holographic processing unit (HPU) that takes in the information from the environmental sensors and creates the holographs. The holographic display is presented with an optical projection system.
The Development Edition will begin shipping in Q1 2016 and will cost $3000. There is no word yet of a consumer edition.