War of the Worlds – 70th Anniversary
The Martians are coming!
The Martians are coming!
Just 70 years ago, on October 30 1938, Orson Welles terrified millions of listeners with his dramatization of the classic H.G. Wells sci-fi novel The War of the Worlds.
The radio show was performed as a Halloween episode of the series Mercury Theater on the Air. You can get the original recording in MP3 from the web site among other shows.
El Geek Errante finalista de los premios BOB 2008
Acabo de recibir hace un rato un mail de TheDoctor anunciándonos al resto de los errantes que somos finalistas con nuestro podcast El Geek Errante de los premios BOB 2008… ¡y yo con estos pelos! ;)
Falta decir, que llegados a este punto lo que hace falta es que nos votéis y dejéis algún comentario de apoyo :)
¡Gracias a todos por escucharnos y votarnos! :)
Reto 0×01 de Geek Puzzle II
Desde las 00:00 GMT+1 tenéis disponible el siguiente reto de Geek Puzzle II.
Es muy fácil… así que no hay escusa para no resolverlo en pocos minutos. A por él.
Turing Test & Loebner Prize
On October 12 took place, at the University of Reading, the 18th edition of the Loebner Prize. In this competition, several ACEs (Artificial Conversational Entities) interact with humans through a chat-like interface. ACEs have to deceive their human interrogators, making them think that they are talking to another human, instead of a machine.
The competing ACEs have to face several five minute long rounds where human interrogators talk to ACEs without any constraints, so the ACE must be versatile enough to maintain a coherent generic conversation with a non predictable human. Interrogators doesn’t know whether they’re talking to a human or to a machine so, if the ACE is able to behave like a human the interrogator will be fooled.
The software that won this year edition was Elbot, created by Fred Roberts, who won the $3000 prize, sponsored by Hugh Loebner. Elbot was able to fool 25% of humans, which means that they’re geting closer to the 30% threshold set by Alan Turing in his original paper of 1950.
These kind of tests are the so called Turing Tests, and the formal definition given by Alan Turing in his paper “Computing, machinery & intelligence” is as follows: “If, during text-based conversation, a machine is indistinguishable from a human, then it could be said to be ‘thinking’ and, therefore, could be attributed with intelligence”.
It’s worth to have a look at the transcriptions of the conversations, one can found there even some kind of “feelings” and “humor” in the answers given by the AIs, without a doubt a good trick to fool the human judges. But, can this skill “to behave like” be called intelligence?
Reto 0×00 de Geek Puzzle II
Da comienzo oficialmente la segunda edición de nuestro concurso Geek Puzzle. Tenéis toda la información necesaria en nuestro blog de Geek Puzzle, y acaba de ser publicada la primera prueba a la que hemos llamado “Chess Master” y que ha sido diseñada por el ganador de la primera edición del concurso, nuestro amigo Victor Arambulo.
Tenéis una semana antes de que publiquemos la siguiente prueba… ¡a darle caña!
Hacking Democracy
In less than a month from now, specifically on November 4th, will take place the US presidential election. As a geek, one of the most interesting things of this event is the use of e-voting systems.
I don’t live in the US, I live in Spain where the vote counting is a totally manual procedure as we vote using paper ballots inside envelopes that are put into a ballot box. We have different ballots for each party or available choice in the election. When the election is closed, the ballot boxes are opened and the votes are counted manually. This is a hard and time consuming process.
Having this kind of voting system in my country it’s curious to see how e-voting systems are used in other places to input the vote, as in touchscreen voting machines, or just to count the votes in paper ballots using optical or mechanical systems.
I have just watched again this afternoon the documentary Hacking Democracy, and it’s amazing that the Hursti Hack were so simple and easy to perform… that makes the whole system looks pretty vulnerable, don’t think so?
OK, just for all of you that live in a cave and had not watched the documentary, here you have it (with spanish subtitles):
You can think “hey! that happened some years ago, I’m sure that all those hacks are fixed by now…”. Well I wouldn’t be so sure, it seems that there are a lot of security leaks out there. If you don’t know about Black Box Voting check it out, it’s worth it.
In the last DEFCON one of the conferences was about the EVEREST report, analyzing the electronic voting systems that are currently in use in the US, and there are a lot of videos showing how to tamper with the voting machines.
I’ve to say that even being a techie the more I know about the (in)security of all these e-voting systems the more comfortable I feel with all those big and old and paper ballots.
Comienzo de Geek Puzzle II
Vamos a dejar una semana más para daros algo más de tiempo a que os registréis en la segunda edición de nuestro concurso de retos técnicos Geek Puzzle. Aunque podéis comenzar a jugar cuándo queráis, si no resolvéis el reto dentro de su semana de publicación los puntos que se os asignarán serán la mitad, así que es conveniente que empecéis a jugar desde el principio.
Venga… no me seáis vagos… registraros, os damos una semanita más ;)
Dejadnos un correo indicando vuestro nick y os meteremos en la base de datos de jugadores para poder contabilizar vuestros puntos.
SGAE + Canon + PS3 + PlayTV
Una de las “escusas” que había buscado para “justificar” el aumentar mi familia de consolas con una flamante Sony PS3 era la comercialización del PlayTV, de esta forma y aprovechando la reciente reducción de precios en la PS3 mataba dos pájaros de un tiro… juegos de última generación, reproductor de BluRay (con actualizaciones de firmware), TDT-HD y PVR, grid computing, en fín todo lo que un Geek podría desear.
Cual es mi sorpresa (que posteriormente se ha transformado en indignación y tendencias homicidas) cuando leo en varios blogs que Sony ha anunciado que en España se va a retrasar la comercialización del PlayTV, cuando en el resto de Europa ya está comercializado y cuando en Reino Unido ha sido un bombazo.
¿La razón que ha dado Sony?… pues que “este no es el momento de comercializarlo en España”. ¿Cómo que no es el momento?… me lo expliquen, porque yo no lo entiendo :(
¿Cuál parece ser la verdadera razón?… pues parece ser que la SGAE quería aplicar el canon al PlayTV, entre 12 y 30 euros por lo que se lee en la red y Sony no ha pasado por el aro, lo que implica que quizás España sea el único país de Europa en el que se comercialice una versión de PlayTV con DRM para cumplir con las exigencias de Siempre Gano Algún Euro.
Lo cierto de todo este asunto es que de PlayTV en España por el momento, nada de nada. Mirando en Amazon UK veo que se está vendiendo a 60 Libras que al cambio son unos 75 Euros. Ya sé lo que me va a traer Santa Claus estas Navidades ;)
Kill’em all TCP DoS
Last week a new hot topic arose in many security related blogs, podcasts and forums. A “new” and “devastating” DoS attack against TCP was revealed in a interview to two security researchers, Jack C. Louis and Robert E. Lee, both of them from Outpost24, who talked about their research in this podcast.
OK, a new “massive-destruction-bug”, one more to the list… do you remember when I wrote about the OpenSSL, BGP and DNS bugs? (in spanish).
The technical details that they have released are few and ambiguous, there were some confusion in many forums where people thought that it was a problem related with the Syn Cookies implementation, but it isn’t. They talked about Syn Cookies not in the server side but in the client side, as a way to establish a lot of connections without exhausting local resources.
Where’s the problem then? seemingly they were performing a massive scan and pentesting work with their UnicornScan tool when they found out that several hosts stuck, hanged even rebooted after the TCP connection was established in several “creative ways”.
Mainly it seems that one of those “creative ways” is the use a TCP window of 0, this means from the server point of view, that the client hasn’t enough resources (buffers) to receive data so the server waits until the retry timeout finish, send an ACK TCP segment to the client and waits for the answer to check if the window has been increased, in other words, if the client has now buffers to receive data.
It seems that if you establish several connections to a server that have an open TCP port, set a window of 0 in the initial negotiation during the three-way-handshake, and always answer to the ACK of the server with a window of 0, the server may end up using all the available resources, or maybe is just a matter of filling up the established connection table with never ending connections due to the 0 size TCP window.
From the client side, this work can be done with a minimum resource consumption as the connections are established through a TCP/IP stack in userland, and not the kernel one, here is when sockstress tool do the trick, besides that very few packets/bandwidth are needed to force the server to go to this state.
Maybe the problem is related to huge timeouts when a connection is in TIME_WAIT state, or with SACK before FIN state… Well I don’t know, there’re a lot of strange combinations that can end in a closed socket but with the related resources not correctly freed.
Neither a detailed technical explanation nor the sockstress tool has been released yet, so this is only a personal interpretation of what I have readed and listened. I guess that we’ll have to wait one more week to T2 Conference to learn more about all this mother-of-all-DoS thing. Some people is a bit skeptical about all this thing, just have to read Fyodor’s great post about all this topic.
Even though researchers assert that all network stacks (Windows, Linux, Solaris) are vulnerable to this bad client behaviour, no attack has been publicly reported to date. Hype? marketing to attract people to the conference? We’ll see in a week.
Geek Puzzle II: ready… go!
Ya está todo preparado para que comience la segunda edición de nuestro concurso Geek Puzzle. La propuesta que os hacemos en esta ocasión es similar a la que ya os hicimos para la primera edición. Tendréis que resolver 7 retos técnicos, donde pondréis a prueba vuestros skillz en redes, criptografía, programación. Cada semana publicaremos un nuevo reto, iréis acumulando puntos según los vayáis resolviendo, siendo el ganador aquel que más puntos tenga acumulados una vez finalicen de publicarse todos los retos. Además, el ganador recibirá un kit de cultivo de plantas carnivoras a parte del respeto y admiración del resto de Geeks, por supuesto ;)
Tenéis toda la información necesaria en la web de Geek Puzzle. Para participar únicamente tendréis que enviarnos un mail, de tal forma que os registremos para iros asignando los puntos. La primera prueba la publicaremos el próximo lunes día 13, asi que id calentando motores ;)