My Tentative Experiment with Quantum Computing


, ,

Developing a programming language for quantum computing is a major engineering challenge. Bits in a conventional computer are represented by transistors (along with other ancilliary components) – their states representing the 1s and 0s. The circuitry for manipulating and measuring those transistor states exists in an array, with elements addressed through the pins on the processor chip – this is the function of bytecode, which fundamentally determines which pins of a processor/memory chip voltage is sent to. Programming languages are the human-friendly way of putting together the bytecode.
A general purpose quantum computer would require creating circuits that perform specific operations on qubits, and making those circuits addressable so they could be selectively activated. That’s basically the foundation for developing a more abstract programming language for a quantum computer.

The QKit API is a step in that direction, but ultimately tasks are still translated into bytecode executed by a conventional processor to simulate quantum computing operations. With the IBM Q Composer virtual circuits can be made from elements that represent various mathematical operations. Unfortunately I’m crap at mathematics, so exactly what most of the elements do is currently beyond my understanding.

This was one of the experiments I put together:

Here I have a set of five quantum gates, in this case Hadamard gates, with each qubit having an equal probability of being 1 or 0 when measured. The gauge elements along the X axis represent measurements of the qubit’s state. What do we get after running this as a simulation? Well, first thing I’m presented with is a very pretty sphere, which I’m guessing is a Bloch sphere:

Along the X axis of the Quantum Computation Basis, there are five-bit numbers, and Y values ranging between 0.035 and 0.031. A five-qubit array has a probability of 0.03125 of being in a given state, and that’s approximately what the simulation returns for each combination of bits.

We can check whether these are probabilities by removing one of the Hadamard gates and repeating the simulation with four qubits:

This time we get output values ranging between 0.066 and 0.057. Manually calculating the probability that a four-qubit array would be in a given state, we get 0.0625. Essentially my simulation is a fuzzy way of estimating probability.

Learning the Vim Editor


, ,

Being developed for terminals where only the keyboard is used, there are numerous keybindings and commands, and fluency with these enables the experienced user to perform actions faster than a GUI would allow. Maybe this is why the feature exists in Visual Studio Code also.

Basic Actions
Press the ‘I‘ or ‘A‘ key to start inserting text. There’ll be ‘— INSERT —‘ at the foot of the editor.

In order to save the file or quit, press the ‘Esc‘ key and ‘:’, then enter one of the following commands:
:w – Write buffer to file
:wq – Write buffer to file and quit
:q! – Quit without writing buffer

These are the commands that are quickest to pick up, and that’s pretty much all that’s needed for basic usage. Also, there is an online help feature, accessible by pressing the tab key after entering the first character of a command.

Another nice feature of vim is the buffer is actually saved somewhere, so if the system crashes or the connection drops before the file’s saved, the buffer can be reloaded when vim is next run.

Navigating Through File Contents
In addition to the ‘I‘ or ‘A‘ key for entering INSERT mode, there are several other key bindings for navigating through text: ‘H‘, ‘J‘, ‘K‘ and ‘L‘ are used for moving the cursor up, down, left and right one place.

Cutting and Pasting Text, and Reversing Changes
We can also copy and paste sections of text. Press ‘V‘ and whichever direction keys to select a section of text. Pressing ‘C‘ will cut the text and ‘P‘ to paste that section elsewhere. If the user wants to reverse that (or any other) change, this can be done with the ‘U‘ key.

Lastly vim enables the user to delete a character or section/paragraph with the ‘X‘ and ‘D‘ keys.

Searching Text
Often you’d want to find a string within the current file. Press the ‘Esc’ key, and use the following command:

And press ‘N‘ to scroll through the matches.

The editor’s configuration is stored in /etc/vim/vimrc. If the GUI version is installed there’ll also be a gvimrc in the same directory, although I found an easier way to configure that is to save and load a session file.

The first thing you might want is a ‘soft wrap’ which wraps text within the editor without inserting line breaks in the file itself:
set columns=90

But we also don’t want to wrap in the middle of words, so set a line break:
set linebreak

Also, I’m used to seeing line numbers when modifying code:
set number

In another directory, /usr/share/vim/vim73/colors, there’ll also be a number of colour scheme files. Any of these can be set, e.g.
colorscheme evening

An IPv6 Secret Address Generation Algorithm


, , , ,

How would two clients communicate over IPv6 without a third-party knowing which addresses are used? This is one of the abstract problems I tried to solve back in 2013, when developing the idea of a secure messaging client that makes use of certain features associated with IPv6 (many thanks to Sam Bowne and Chris Tubb for the inspiration). It was based on two assumptions: a) both parties are assigned a block of IPv6 addresses rather than a single address, and b) communicating parties are able to arbitrarily select addresses from within their address ranges.

Address Spaces and Allocations
Given the number of possible IPv6 addresses (2^38 minus a few reserved address ranges), it’s possible that a person would be assigned a sizeable block of addresses from this, such as a 32-bit address space with 4294967296 possible addresses.

I’ve done a bit of research to determine the likely address space a person would typically be assigned. RFC 6177 reccommends allocating /48 blocks to each individual ISP customer. Whether this would actually happen in the real world remains to be seen – it’s also strongly recommended because IPv6 removes the requirement for Network Address Translation, which in turns means that an ideal allocation for a home network would be large enough to make network enumeration a little more time consuming.
IPv6 also allows for stateless address configuration, which should enable clients to select their own addresses, although this depends on how the local router is configured.

The Address Generation Algorithm
My solution is something like:

The session key is secret between two clients – how they share this is another problem which might require out-of-band communication using a public key system. Actually my proposal would be a good candidate for an instant messaging system or social network that works alongside Dark Mail.

The second parameter is the system time, in ‘HHMM’ format, because the algorithm should generate a different IPv6 address every x number of minutes, and HHMM should also be the same for both communicating clients. With a little more coding later, two clients might get this value from a shared source, perhaps over NTP.

Python Implementation
The following imports are required for implementing the concept as a Python script:
* string
* hashlib
* netaddr
* pprint
* time.gmtime and time.strftime

New addresses are generated from a current IPv6 address and a session key that might be shared between peers. These might be read from an application database and/or network interface.

selfAddress = '3ffe:1900:4545:0003:0200:f8ff:fe21:67cf'
selfKey = 'mypassword123'
peerAddress = ' '
peerKey = ' '
currentTime = strftime("%H%M")

In order to get the current address, we require a networking/NIC module that enables us to select the network interface to read from. I’m most of the way through coding a C# version of the client, using System.Net.NetworkInformation to populate a drop-down list of interfaces.

Using the netaddr and pprint modules, an address can be formatted as a hexadecimal string – basically to get the digits without the octet delimiters. The line ‘selfAddressToHex[2:]‘ removes the ‘0x‘ characters from the output.

ip = IPAddress(0, 6)
ip = IPNetwork(selfAddress)
selfAddressToHex = hex(ip.ip)
selfAddressString = selfAddressToHex[2:]

Then a SHA256 fingerprint is generated with [sessionKey+HHMM] as inputs.

hashInput = (selfKey + currentTime)
print('Hash Input: ' + hashInput)
hashedValue = hashlib.sha256(hashInput)
hashedValueString = (hashedValue).hexdigest()
print('SHA256 Fingerprint: ' + hashedValueString)

Now we can substitute the last eight bytes of the current IP address with the last eight bytes of the SHA256 value to generate a new address:

final32 = hashedValueString[56:64]
print('New Suffix: ' + final32)
newAddressString = selfAddressString.replace(selfAddressString[24:32], final32)

Finally, reformat the hex string as a valid IPv6 address by adding the delimiters between octets:

newAddress = ':'.join([newAddressString[i:i+4] for i in range(0, len(newAddressString), 4)])
print('New Address: ' + newAddress)

The running script will produce something like:

We can later write newAddress back to the application database as ‘currentAddress’, and have something that triggers this part of the application every 15 minutes.
There are other things I’d like to build on this, namely components for setting newAddress as the local IP address, and messaging between two clients running the script.

A Very Frustrating But Also Very Rewarding Experience with AmCharts and Complex JSON Responses


, , , ,

Presenting data in amCharts and Chart.js from simple two-column tables was relatively straightforward. I had three Web APIs that each returned a two-column table that the charting scripts could easily read from. As I was finishing up the presentation, the application spec changed – all the data is now returned as a complex table by one stored procedure. What followed was a moderately frustrating couple of days, as I Bill Nyed the code multiple times trying to extract and group items from the JSON objects.

Given the main reason for using a single stored procedure was to reduce the load on the Service Broker, a single Web API call in my code is better than three. It also makes sense to implement all the querying features as JavaScript, since the browser fetches everything when the page loads.

The code for my solution is published on GitHub (click here).

Revisiting Arrays and Objects
My solution was to populate an array, or multiple arrays, with items from the JSON response, so it’s worth looking at JavaScript arrays to see the similarity between that and JSON.

An array could be static and predefined, e.g.
var users = ["michael", "john", "andy"];

Or it could be an empty array that’s populated during runtime, for example, in a script that populates the array from another source, such as:
var users = new Array("michael", "john", "andy");

The other type of variable I’m working with here is an object with multiple attributes. e.g.
var user = {userName:"michael", userID:"515", role:"Developer"};

You’ll notice this looks somewhat like a message object within our JSON response, because that’s precisely because the JSON response is an array of such objects. For example, the JSON response for the Dashboard is:


Getting Chart Data from a JSON Response Body
For the Messages by Type chart, I want a count of the number of instances for each messageType name in the Service Broker queue. If these counts could be presented as a doughnut chart, the user could readily see which category of systems is generating the most traffic – typically they’re pathology systems, so if cardiology systems are sending most the traffic, we know something’s not right.

Anyway, what I did first was initialise an array called ‘everything‘, and push all the JSON response objects to it. From that I extracted the messageType items and pushed them into another array called ‘myMessageType[]‘.

This enabled me to use ‘myMessageType.length‘ to loop over it and increment the counter variables for each instance of ‘Pathology’, ‘Radiology’, ‘Cardiology’ and ‘unknown’. More observant readers will notice I’m counting instances of rows, not what’s actually contained in the MessagesProcessed column. Most rows in that column have a value of ‘1’, so I can get away with that for now and add further logic in later.

(Update: It looks much better after the counters are placed in a single loop:)

At this stage, I should have a set of counter variables that provide data for the chart. Since that might become a problem solving task in itself, now’s a good time to establish, using a debugging tool and SQL Server Management Studio, whether the counter variables are indeed incremented.

If everything’s good at this point, the counter variables can now be used as the amCharts dataProvider source:

On running the application, the charts still aren’t rendered even with the counter variables incrementing correctly. This is a timing issue, with the charts attempting to render before the arrays are populated and counted. The code needs to be modified so the sections of code are executed in the correct order.

The chart code can be encapsulated within a function. Here it’s called chartByType().

function chartByTypes()
// Charting code here

And add code for calling the above after a short delay when the counter arrays/variables have been populated:

// Insert call here to Chart 2
setTimeout(function () { chartByTypes(); }, 500);

And here was the result:

The NHS Ransomware Situation


, , ,

The bad news is it’s extremely unlikely the data could be decrypted directly. Recovery will depend on backups – most employees don’t, and probably can’t because of security policy, make personal backups of their work.
The good news is there’s a slim possibility GPs and hospital IT staff could recover their data (without paying the tossers who thought hospitals were a good target, of course). File encryption actually works by making encrypted copies of the data before erasing the original files, which means the latter just might be recoverable using common drive imaging and data carving tools. It’s a long shot, but that’s what I’d be attempting in their position.

How did this happen? Actually I heard from others a couple of weeks ago there were spear phishing attempts at another NHS trust, and assumed it was related to a malicious hacker group that obtained staff addresses after a third-party was compromised. However, that affected trusts here in Wales, and the current ransomware thing isn’t affecting us (directly) yet.
Not everyone in a large organisation can differentiate between a legitimate hyperlink and one that’s disguised in an email. Someone, in fact several, will click the link or open the attachment. That’s not really a problem if the anti-malware system has a signature for it, but there’s still a good chance it doesn’t. Exploit mitigation features on modern operating systems play a huge role in preventing malware. You probably know all this already.

The thing is (and yes, this is a huge problem) the NHS does rely on outdated operating systems and software, and for roughly the same reasons banks still use COBOL and industrial systems might still use Windows XP. You can have a legacy system that works, or upgrade attempts that come with serious risks. Remember the chaos in 2012 after an update attempt crippled the mainframe of three major banks? So, to address the Home Secretary’s point, one doesn’t simply move a system like this onto Windows 10.
When you’re dealing with critical software that’s deployed nationally, and when lives depend on integrity of the data, any minor change in the configuration must be thoroughly tested before that change goes live. And there could be a stack of software from multiple vendors, and a range of hardware also, dependent on that same configuration.
On top of that, I’ve also come across third-party clinical software that’s been around since the 90s, and can’t easily be replaced because it’s critical, very complex, has features that are extremely specialised and became the standard across NHS trusts – and the software, in turn, depends on older operating systems. Some of these problems are outweighed by what recently happened, but still… Scary, isn’t it?

According to The Guardian, Professor Woodward stated the exploit is for an SMB vulnerability that enabled the malware to spread, and the vulnerability was in Windows XP for which Microsoft didn’t release a patch. Metasploit did include exploits for older versions of SMB since at least 2013, and SMB vulnerabilities showed up in Nessus scans against Server 2012 back then.
Of academic interest is the exploit here was developed (or at least hoarded) by the NSA, and was among those published by the ShadowBrokers – several years ago I warned that something like this was inevitable if governments started developing ‘cyber weapons’.