llongi's blog

The last post was in 2013, and the one before that inaugurated 2012 with a "Happy New Year!". That's several Happy New Year's since then, and much has changed in the meantime.

I moved from Dietikon to Zürich in 2014. New apartment, new roommates. I completed my Bachelor's degree in Informatics, Software-Systems in 2015. Finally.

I started working for a great company in 2013, iniLabs Ltd., a spin-off from the Institute of Neuroinformatics (INI) here at the University of Zürich, that works on neuromorphic hardware, specifically bio-inspired vision sensors. Had the opportunity to work with IBM's TrueNorth development team on integrating the sensors with their platform in 2013-2014 as part of the DARPA SyNAPSE project. Met lots of great people, went several times to California (US), partecipated in the 2015 Telluride (Colorado, US) Neuromorphic Engineering Workshop, met even more awesome people. Two fun years working on embedded hardware, low-level C libraries, VHDL FPGA logic and Java GUIs, everything I ever wanted. And it's all set to continue, as we're currently expanding our offering of neuromorphic devices.

On the open-source front, I started contributing to usb4java in July 2013 due to my work at iniLabs, where we use it extensively in the jAER project to talk to the vision sensors in a performant and platform-independant way, as well as in the Flashy project, a tool to update firmware and logic on our sensor devices. Also almost all of the code I've worked on is available openly from the jAER project or the iniLabs GitHub pages. In 2013 I moved my own projects from self-hosted SVN to Git & GitHub, including the source for this blog. Great service.

After over a decade of self-hosting, I moved everything over to Google Apps. Very happy with not having to care about any of that anymore, I just didn't have the time for server maintainance.

Photos of San Francisco, Colorado, New York, Yellowstone, London and other places I visited can be found in the new gallery, powered by Google Drive. I took most of them during the 2015 road-trip through central US with my good friend Diederik Moeys, a PhD here at INI.

I've gone through all the pages in the blog here and updated them, so they should reflect current reality better. I'm hoping to keep the blog more up-to-date in the future. I've promised myself I'd use it to document the resurrection of my oldest hobby: N-scale model trains. More on that soon.

Here some old hardware I have to sell, everything should still work, but there's no guarantee!

• Texas Instruments, "Voyage 200 Calculator" (good condition, cables+manuals+batteries, tested) (100 CHF)
• Huawei, "HSDPA USB Modem E220" (5 CHF)

(Update: the above are the only two things I'm keeping around or haven't sold yet. Contact me!)

First post of 2012, so let's start off with a "Happy New Year!" to everyone.
On an even happier note, I just got word that I passed all my exams. :-)

Now the real topic of this post is SSH, more specifically how to make your SSH connections even more secure than they already are. OpenSSH by default prefers slightly less strong cryptographic algorithms (like AES128 is preferred to AES256), and for its HMAC it still prefers MD5-based HMACs, which, while still kinda secure, are clearly less secure than the SHA2-512 based ones, for which OpenSSH added support in the 5.9 release.
Assuming you're running OpenSSH >=5.9 everywhere, like in my setup, configure your sshd's as following, so that they will only offer the most secure known algorithms in their strongest variants first. This will also only offer SSH protocol 2, as well as set some other miscellaneous login-related settings and make the server check periodically that clients are alive, and if not, terminate the connection.

Protocol 2
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 5
ClientAliveCountMax 3
ClientAliveInterval 5
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
MACs hmac-sha2-512,hmac-sha2-256

Configure your SSH client as follows to only connect to sshd's using secure algorithms, again trying the strongest first. This also enables SSH protocol 2 only, periodically checks that the server is alive (especially useful with sshfs and its '-o reconnect' flag, when working over unstable links like wireless). It further lowers the amount of data needed for a rekey, default would usually be between 1G and 4G.
Note that I had to split up some lines for better readability on the blog, you can notice those by the increased indentation, just always make sure everything is on one line!

Host *
  Protocol 2
  ServerAliveCountMax 2
  ServerAliveInterval 4
  Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,aes256-cbc
  KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,
    diffie-hellman-group-exchange-sha256
  MACs hmac-sha2-512,hmac-sha2-256,hmac-md5,hmac-sha1
  HostKeyAlgorithms ecdsa-sha2-nistp521-cert-v01@openssh.com,
    ecdsa-sha2-nistp384-cert-v01@openssh.com,
    ecdsa-sha2-nistp256-cert-v01@openssh.com,
    ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
    ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
  RekeyLimit 512M

Given both the server and client running OpenSSH >=5.9 and being configured correctly, you get an SSH connection using AES256-CTR as cipher, exchanging keys using ECDH-SHA2-NISTP521, and using HMAC-SHA2-512 for integrity checking. Basically AES-256 and SHA2-512 everywhere, which, as far as I know, are state-of-the-art in their respective application domains and still considered very secure.
Hope this helps increasing security, as well as reliability (the Alive options especially with sshfs).

Just a general notice that I'll be absent from 14.11 to 09.12.2011 because of military service.
If you want to get in contact with me, write me an e-mail, I'll try to check those at least daily, or, if it's really urgent, write me an SMS, just don't expect a reply right away.
I'll see you all in a month!

As previously announced I went to the Within Temptation concert in Zürich at the Volkshaus.
A venue I've never been before, but it was very comfortable, all seated places.
The music and the band were great, being part of their "The Unforgiving" tour, they played most songs from their latest album, and mixed in some old classics like "What Have You Done". Great show, congratulations!
Only negative was the long wait till they started playing, 1:20 after the official beginning of the concert, about 45 minutes of which were taken up by the opening act, can't remember their name, didn't like them much, and found them wholly inappropriate given what came after, it was some kind of (kinda-hard) rock, as opening for a gothic metal band? Oh well, I was probably just anxious for WT to start playing. :)
I took two videos:

• Faster (Removed because of file size limitations)
• What Have You Done (Removed because of file size limitations)

as well as some photos. The quality is terrible, I forgot my camera and had to do with the cell.
While I was uploading these, I noticed a few older StreetParade 2011 photos too.

And, this time from the real camera, I added the photos from the Computer-Linguistik week-end in Flumserberg.
That was incredibly fun, got to know lots of new people, it was a really great idea.

And while we're talking about great music, take a look at "Nickelback - When We Stand Together", amazing song, great video, profound message. Waiting on the new album!

Ahahaha, thanks to a couple of friends, I found out today that you can set "English (Pirate)" as a language in Facebook, which results in a really unique experience, totally awesome!

I also added a Blogroll on the right, where I link to other blogs I follow myself, pretty much all of them very technically oriented.

The new Within Temptation album "The Unforgiving" is really awesome music, which just meant that I couldn't resist, now that they're finally giving a concert in Switzerland, to go!
The concert will be on the 18th of October at the Volkshaus in Zürich, get tickets while you can, it'll be worth it! ;) See ya there!

I've been cleaning out my library, making space for new, exciting books, and in the process found several books and materials, I got for ETHZ classes back then, or even now at UZH, but mostly never even opened ...
All are in a good state, sometimes some usage traces, very rarely a manual annotation graces the pages.
Books for sale are the following, mostly in English and German, a few in Italian, prices are negotiable:

Books:

• Maurice Herlihy/Nir Shavit, "The Art of Multiprocessor Programming", 1. Edition (English, 15 CHF)
• David Harris/Sarah Harris, "Digital Design and Computer Architecture", 1. Edition (English, 15 CHF)
• David Kirk/Wen-mei Hwu, "Programming Massively Parallel Processors: A Hands-On Approach", 1. Edition (English, 30 CHF)
• Mark Lutz/David Ascher, "Learning Python", 2. Edition (O'Reilly) (English, 10 CHF)
• Larry Wall/Tom Christiansen/Jon Orwant, "Programming Perl", 3. Edition (O'Reilly) (English, 10 CHF)
• Jennifer Robbins, "HTML & XHTML Pocket Reference", 3. Edition (O'Reilly) (English, 5 CHF)
• Eric Meyer, "CSS Pocket Reference", 3. Edition (O'Reilly) (English, 5 CHF)
• Lothar Papula, "Mathematik für Ingenieure und Naturwissenschaftler, Band 1", 11. Auflage (German, 30 CHF)
• Lothar Papula, "Mathematik für Ingenieure und Naturwissenschaftler, Band 2", 11. Auflage (German, 30 CHF)
• Lothar Papula, "Mathematik für Ingenieure und Naturwissenschaftler, Band 3", 5. Auflage (German, 30 CHF)
• Klett Verlag, "Physikalische Formeln und Daten", 1. Auflage (German, 5 CHF)
• Hansen/Neumann, "Wirtschaftsinformatik 1: Grundlagen und Anwendungen", 10. Auflage (German, 25 CHF)
• Schreyögg/Koch, "Grundlagen des Managements: Basiswissen für Studium und Praxis", 2. Auflage (German, 25 CHF)
• Howard Anton, "Lineare Algebra: Einführung, Grundlagen, Übungen", 1. Auflage (German, 20 CHF)
• Tim Converse/Joyce Park/Clark Morgan, "PHP5 & MySQL: La Guida", Mc Graw Hill (Italian, 5 CHF)
• Bergamaschini/Marazzini/Mazzoni, "L'indagine del mondo fisico", Volumi A-F (Italian, 30 CHF)
• Giuseppe Ruffo, "Fisica per Moduli", Volume Unico (Italian, 15 CHF)
• Amartya Sen, "Globalizzazione e Libertà", Mondadori (Italian, 5 CHF)

Materials:

• KKarten, "BWL I - UniZH", HS 2011 (German, 15 CHF)
• KKarten, "BWL II - UniZH", FS 2011 (German, 15 CHF)
• Scherer, "BWL I - Grundlagen des Managements Script", HS 2010 (German, 5 CHF)
• Wehrli, "BWL I - Einführung Marketing Script", 10. Auflage 2010 (German, 5 CHF)
• Bernstein, "Informatik im Unternehmen/für Ökonomen I Script", HS 2010 (German, 5 CHF)

Got back from Berlin on Sunday evening, this time the train was only five minutes late, so I got on the connecting trains just fine.
Looking back at my stay in Berlin: 27C3 was great (read the other blog posts for a summary), the hotel we stayed at, Agon am Alexanderplatz, was great too, normal prices, clean, very spacey rooms, they were in fact old apartments converted to hotel rooms, so we had a big bedroom, bathroom, and a kitchen/living room area too, great to keep drinks chilled! I definitely recommend the place.
Food in Berlin was also usually great, be it from the BCC's catering, Las Malvinas (steak-house), or Piazza Rossa (pizzeria, Italian restaurant), or other places we went to, but I wanted to mention those two in particular as they were really good and relatively cheap, at least compared to our prices here in Switzerland.
On Friday we mostly relaxed at the hotel, seeing as the weather didn't really encourage much sightseeing, and then we went to the big New Year's Eve party at the Brandenburger Tor, which was really awesome, the Hermes House Band was great ("Country Roads, take me home, to the place, I belong, West Virginia, ..." ;) ). The fireworks weren't that impressive in my opinion, I expected much more from such an event, Lugano's are both bigger and last longer, and we're just a small swiss town!
I've uploaded a few photos I took with my new digital camera.
I spent most of Saturday in bed, as I managed to catch a cold, but that's getting better now, slowly. Watched a few of the talks I didn't see at CCC on the laptop. The official recordings are now being published, so if any talk interests you, download and watch it, it's worth it.

• "Hackers and Computer Science" is really awesome, watch that one!
• "Reverse Engineering a real-world RFID payment system" was very interesting too, as was
• "Chip and PIN is Broken", both concerning the security of widely used payment systems.
• "Rootkits and Trojans on Your SAP Landscape" was kinda scary, this one is probably very interesting for any Wirtschafts-Informatik student.
• Finally managed to watch "Console Hacking 2010", which brings great news: it will soon be possible to install Linux on the PS3 again, and boot it directly.
• "Data Recovery Techniques" was a very informative talk about storage media and how and when they can be recovered in practice.
• "USB and libusb" gives a great overview of what USB is, how it works, and how to program it under Linux, really worth a viewing if you plan to do anything with USB.

From Berlin, Germany, a loud HAPPY NEW YEAR!

I wish a great 2011 to everyone, full of laughter, smiles and success!