Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Links for 2019-11-03

November 03, 2019 — Carlos Fenollosa

Why 80x25?

80×25 (5 min, via is fantastic research where author mhoye puts the puzzle pieces together and discovers why our 2019 console emulators launch with a default resolution of 80x25.

I'm not going to spoil it, you will need to read the article. Here's the first paragraph:

Every now and then, my brain clamps on to obscure trivia like this. It takes so much time. "Because the paper beds of banknote presses in 1860 were 14.5 inches by 16.5 inches, a movie industry cartel set a standard for theater projectors based on silent film, and two kilobytes is two kilobytes" is as far back as I have been able to push this, but let's get started.

7000 DOS games in your browser

The Software Library: MS-DOS (RH, via) is an outstanding collection of DOS software from the Internet Archive playable in-browser via dosbox-js emulation, including, of course, the aforementioned 7000 games.

Go try it out and waste the rest of this Sunday!

Play Simcity in your browser

A Gameboy modern clone

Analogue Pocket, a Gameboy Color/Advance built using modern technology (5 min, via)

An interesting console with hardware for loading original Gameboy cartridges but running with more modern hardware like a hi-res backlit LCD and a rechargeable battery.

I'm always tempted to buy these, but in the end I keep using my NDS Lite as a retro emulator.

The Analogue Pocket

NordVPN and TorGuard hacked

NordVPN confirms it was hacked (2 min, via), NordVPN and TorGuard VPN Breaches: What You Need to Know (5 min, via) and Make yourself an iOS-compatible VPN with OpenBSD

NordVPN told TechCrunch that one of its data centers was accessed in March 2018. "One of the data centers in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell.

The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.

And

[NordVPN advisory board member Tom Okman] said it was hard to determine if hackers obtained information on the internet usage of Nord users because the company doesn't collect logs of activity on its servers, a selling-point to privacy-conscious customers. 'I think that the worst case scenario is that they could inspect the traffic and see what kind of websites you could visit,' Okman said. He said this would only apply to Nord users who used its Finnish server and were accessing websites that didn't use the secure protocol HTTPS

HN user safeplanet-fesa also raises questions about Tesonet, the parent company of NordVPN

Twitter user @hexdefined details how an attacker could have performed a MITM attempt given what we know about the breach.

Drew DeVault started an interesting thread discussing alternatives on his Mastodon account.

A homemade PCB

My First PCB! (5 min, via)

Recently I linked to a homemade tutorial on how to make an IC, and this week I found this tutorial where Laura Lindzey explains how to make the jump from a proto-board and make a real PCB at home.

I will always link to these home electronics experiments, I love them.

Spying on children at school

Gaggle Knows Everything About Teens And Kids In School (2 min, via)

I'm sure that future adults will appreciate having a record of every word they uttered at school /s

Very elaborate, state-targeted Whatsapp attack

WhatsApp hacked to spy on top government officials at U.S. allies (2 min, via)

A very high-profile attack used a Whatsapp vulnerability "to take over users' phones". Which users? "High-profile government and military officials spread across at least 20 countries on five continents"

Unfortunately, the article doesn't explain how the app exploit propagated upwards to the OS and take full control of the phone, which is the real key of the question.

StarCraft AIs start beating humans

AlphaStar: Grandmaster level in StarCraft II using multi-agent reinforcement learning (RH, via)

People have been trying to develop Starcraft AIs since forever, but this is the first time that a bot can beat a world champion player.

Our new research differs from prior work in several key regards:

  1. AlphaStar now has the same kind of constraints that humans play under – including viewing the world through a camera, and stronger limits on the frequency of its actions
  2. AlphaStar can now play in one-on-one matches as and against Protoss, Terran, and Zerg
  3. The League training is fully automated, and starts only with agents trained by supervised learning, rather than from previously trained agents from past experiments.
  4. AlphaStar played on the official game server, Battle.net, using the same maps and conditions as human players. All game replays are available here

Go check the replays now!

The Internet is no longer what it was

50 years ago, I helped invent the internet. How did it go so wrong? (5 min, via) and I Miss the Old Internet (1 min, via) are a couple nostalgic pieces about the old internet, defending why it was better, because it was more decentralized, more personal, and wasn't just another way to push ads in front of eyeballs.

On a related note, A History of Personal and Professional Websites (10 min) is a series of screenshots showcasing the author's first websites, real nostalgia fuel.

Face recognition to unlock porn

Australia wants to use face recognition for porn age verification (1 min, via)

What could possibly go wrong?

Chat over the email protocol

Delta Chat, Instant E-Mail Messaging (1 min, via)

Delta Chat is essentially a GUI over email which displays threads as chat conversations. And I really like that!

This is a really interesting project which, although it will rarely take off on the mainstream, can already argue they already took care of the network effects of their platform. Kind of like the old Google Talk, but universal.

It even includes E2E encryption by default by integrating Autocrypt. The project is actively maintained, so why don't you give it a try?

Running out of IPv4 addresses

This Time, There Really Are NO IPv4 Internet Addresses Left (1 min, via)

Is it the boy crying wolf again? Is this the digital equivalent of "we will run out of oil in 25 years"?

Some big ISPs still have a large stockpile of IPv4s but others that haven’t deployed IPv6 may have to stretch that out by adopting awkward solutions like internet address sharing (Carrier Grade NAT), which can in some circumstances create problems for internet systems that use unique IP addresses to identify, process and or block user activity.

In other cases we have seen some commercial trading of retired IPv4 address space and this is likely to become more common, at least until the day comes that IPv4 can finally be put to bed.

It seems that we may be in overtime, but there is still a life for IPv4 after all.

At this point I'm not sure what I prefer. Some years ago I even paid my ISP to have a static IP, which I used to host stuff at home. Nowadays, I have a $5/month VPS to host, and I really want to be anonymous at home, so I appreciate address sharing, which hides my real IP to the server, and can only be deanonymized with a judge order to the ISP.

Tags: roundup

Comments? Tweet