EFF’s Dice Random Number Generator digitized to become DicePass.org

TL;DR – this is why (and how) I created the electronic version of EFF’s Dice.

I love the Electronic Frontier Foundation (EFF) and believe in their just cause. I support it as much as I can and try to educate as many people as I can about their rights and privileges online and how to behave correctly in this newfound jungle.

A while back I got a post about their new “toy”/campaign EFF’s Random Number Generator also known as Dice.

The idea behind it is to help people generate more secure passwords that they can actually remember, and the means to do it was so simple. A die. Or 5 (if you want to optimize).

The concept is simple.

  1. Roll a die and record the digit. Do it 5 times.
  2. These 5 digits now form a 5-digit number.
  3. Look up the word associated with this number in a wordlist such as this one.
  4. Repeat the process 6 times so that you end up with 6 words.
  5. You are now the proud owner of a passphrase that has roughly 2⁷⁷ variations (that's about 221,073,919,720,733,357,899,776 variations)!

That’s it.

So simple. If the words you got are reasonable enough you can even construct a sentence from it and it will be even easier to remember.

EFF created these 5 custom dice as part of their summer security reboot, so it will take a lot less time to physically generate the passphrase.

While I enjoy rolling dice as much as the next person, I thought it would be interesting to create a (rather) secure version of it that can (if needed) be hosted online.

While investigating secure Pseudo Random Number Generators (PRNG) in JavaScript I found out about crypto.getRandomValues, which is an API implemented inside modern browsers that uses the Operating System’s PRNG (find out if your browser supports it).

So, I’ve created DicePass (you can also get the code on Github). You can use the hosted version or clone the repository and run it locally (just open index.html in your browser).
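The five-roll lookup procedure above, driven by crypto.getRandomValues, as an added example; this is not DicePass's own code. The function names are hypothetical, and the word list is a constructed placeholder rather than EFF's list. Rejection sampling is used so that every die face stays equally likely.

```javascript
// Added example (not DicePass's code): dice-style passphrase from the OS CSPRNG.
// Browsers expose globalThis.crypto; the fallback covers older Node.js.
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

function defaultRandomByte() {
  const buf = new Uint8Array(1);
  webCrypto.getRandomValues(buf);
  return buf[0];
}

// One fair roll (1-6). 256 is not a multiple of 6, so bytes >= 252 are
// rejected; a plain `byte % 6` would make faces 1-4 slightly more likely.
function rollDie(randomByte = defaultRandomByte) {
  for (;;) {
    const b = randomByte();
    if (b < 252) return (b % 6) + 1;
  }
}

// Five rolls form one lookup key such as "43146".
function rollKey(randomByte) {
  let key = '';
  for (let i = 0; i < 5; i++) key += rollDie(randomByte);
  return key;
}

// CONSTRUCTED placeholder list: all 6^5 = 7776 keys mapped to dummy words.
// Swap in the real list (key -> word) for actual use.
function buildPlaceholderWordlist() {
  const list = new Map();
  for (let n = 0; n < 6 ** 5; n++) {
    const key = n.toString(6).padStart(5, '0')
      .replace(/[0-5]/g, (d) => String(Number(d) + 1));
    list.set(key, 'word' + key);
  }
  return list;
}

function generatePassphrase(wordlist, wordCount = 6, randomByte) {
  const words = [];
  for (let i = 0; i < wordCount; i++) {
    const word = wordlist.get(rollKey(randomByte));
    if (word === undefined) throw new Error('word list is missing a key');
    words.push(word);
  }
  return words.join(' ');
}

// Entropy of wordCount independent, uniform picks from listSize words.
function entropyBits(listSize, wordCount) {
  return wordCount * Math.log2(listSize);
}
```

`entropyBits(7776, 6)` comes to about 77.5 bits, which matches the "roughly 2⁷⁷" figure in step 5.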

The hosted version doesn’t use any tracking code (no Google Analytics) or 3rd parties that can track you. Even the share buttons are a custom implementation using a URL that opens in a new window/tab to protect your privacy.

Feedback, comments and pull requests are welcome.

Enjoy, and use long random passphrases!

 

Message in a bottle

Launching a startup is like sending a message in a bottle. If the message is not clear, no one will come to visit your lonely island or send you a postcard back.

When you launch your startup, your online presence (i.e. website, twitter account, facebook page, etc) and the buzz you manage to create online via the online official and unofficial press are the message you are passing to your users. If the message is not clear you can lose a lot of attention.

Before launching your startup you might want to test your messaging. I propose two very simple tests that can serve as rather good markers to determine if your message is clear.

Test Rules:

  • Each of the tests should be given to 2 different people
  • These people should have no prior knowledge of your startup and what it does
  • One person should be a Non-Techie – someone not from the tech industry who is known to have little to no technical background. The other should be a Techie – someone from the tech industry that can eventually ask a question along the lines of “How are you going to implement this?” and understand the answer.
  • Each test should have a different set of people, you cannot reuse people from one test in the other test.

Test #1 – One sentence or less (or the 140 character pitch)

Tell each of the 2 people in one sentence or less what your startup does. If they don’t ask for additional clarification then you can consider that your message is rather clear. If they don’t ask for additional clarification, but are rather intrigued by your startup and message you can safely assume your message is clear enough and your startup does interest them.

Test #2 – The blind website test

Show your website to the 2 people without saying a word. Ask them to read what is written and explain to you what they think your startup is about. If they can explain it and understand completely what you are doing you can be certain enough that your website message is clear even to new users who have no prior knowledge of what your startup does.

If you did not pass one of the tests, try it again on a different set of people (just to make sure these 4 are not a statistical anomaly). If the result is still the same try to revise your messaging and, as always, remember to rinse and repeat.

Crawling to the people

Yaniv let the cat out of the bag about some of our ideas for making other parts of the search and its relevant data open, free and accessible to all of us.

I thought I’d add some background and my thoughts on the subject.

First, the idea was iterated a couple of times when we were in that place where you have a solution(s) and you are seeking a problem(s) to solve.

It all started from this post by Jeremie Miller. Jeremie, being the good guy that he is, was thinking about creating standards and protocols to make the crawling, processing and sharing of data for search and search engines public, free and accessible. While neither Yaniv nor I are in Jeremie’s loop and have no idea of what he is up to (but you can count on it to be interesting, that’s for sure), we talked about it a bit and it sank in.

We both liked the idea of having the raw data accessible as well as being able to run custom post processors that can make something useful out of it so that no one is tied to whatever logic and algorithms the crawler writer enforces.

Then came the announcement from Kevin Burton about spinn3r, a service that reuses the web index of the Blogosphere crawled by TailRank’s crawler and allows you (and everyone else) to use that crawled data.

This information also sank in and today at lunch (which did take quite a while :-) ) we started to brainstorm about it a bit more seriously.

This can really open up and innovate search from the bottom up. Give access to a lot of people to APIs and capabilities that were previously only available for big companies. This is the platform that can create something very interesting.

We would love to hear your comments.

Twitter and OpenID

Dave Winer says:

“[…] we could make Twitter the open identity system we’ve been looking for. Make your Twitter ID the one that you use to log on to other service […]”

I say let Twitter support OpenID with all of the good Relying Party Best Practices including (but not limited to):

  • Ability to associate an existing account with an OpenID
  • Ability to switch to another OpenID (sort of a password recovery for OpenID)
  • Ability to create a new account directly with an external (non-Twitter) OpenID (be a standard relying party)

If they want to, they can also be an OpenID provider (which should be good for them, of course ;-) ).

Amazon Recommendations, Big Giant Collection Books, Reprints and New Editions

I really like Amazon. I really like Amazon’s recommendations and ever since I inputted most of my books into Amazon I get really good recommendations.

There is one thing that bothers me, though.

I recently made a big order from Amazon and included two books which I was long overdue in owning and reading. The books were “Long Dark Tea Time of the Soul” and “Dirk Gently’s Holistic Detective Agency”, both by Douglas Adams.

After the purchase, Amazon’s recommendations started to offer me other Douglas Adams books such as “Mostly Harmless”, “So Long and Thanks for all the Fish” and “The Restaurant at the End of the Universe”.

I previously told Amazon that I already own “The Ultimate Hitchhiker’s guide to the Galaxy” which is one large book containing all 5 of the hitchhiker’s guide novels (3 of them are the books mentioned above).

Since I own a book that includes those books, I would have figured that Amazon would know that and handle it similarly to how they handle situations in which a book is reprinted or has some newer edition (usually with minor changes or no changes at all). The recommendation engine doesn’t handle that because it probably doesn’t take into account that this one book is a collection of other books and in addition to that.

Due to the Hitchhiker’s guide to the Galaxy movie they have re-printed the series so there are newer editions out there, which is probably one of the causes I see these books again.

It’s not that uncommon to have such a book that contains multiple previous titles that were a part of a series before. For example I also own “The Great Book of Amber: The Complete Amber Chronicles” which is one big book that contains the 10 books in the Amber series by Roger Zelazny (luckily I haven’t told Amazon about that so I’m not getting recommendations to buy the same books again).

Perhaps Amazon should take a look into such collection books as well as handling re-prints and newer editions in a different way.

For example, for reading books (not technical books that often have newer editions that do change and add things) I would expect by default to not see any new re-prints and things like that unless I specifically opted that in my settings.

For technical/reference books I would like, by default, to see newer editions because these new editions (usually) add and update information and in most cases it’s important to stay up-to-date or at least know that there is a newer edition.

For paperback vs. hard cover editions, Amazon seems to handle it well and does understand that if I have the paperback edition I don’t need to be recommended the hard cover edition and vice versa. I can only assume they implemented it by saving some kind of a reference between these books, so perhaps they should add a new type of reference/link for books that are a collection of other books and other such links to handle the rest of the things I’ve mentioned above.

What do you say? Am I the only book maniac/Amazon maniac/Recommendation maniac out there that thinks about this? :-)

Online Life Feed

After reading Grant Robertson’s post – “Taming your own river of news” I’ve decided to use Yahoo Pipes to create my online life feed (it sounds better than “Eran’s river of news”, don’t you think?)

You can check it out here.

Basically I aggregate the feeds from this blog, my Advanced .NET debugging blog, my Yedda questions, my Yedda answers, my del.icio.us links and my Flickr photostream.

These feeds are most of the content I’m generating or contributing to (at least the ones with a feed in it). If I remember some other feeds that I’m contributing to and forgot to add, I’ll update the pipe.

I’m quite sure that the rest of the features Grant wanted, like being able to group it by Year/date, source and topic are probably best kept for the various RSS readers (mostly the desktop ones).

Go on and create your own online life feed and share it with everyone! :-)

Yahoo Pipes, Microformats and Extendability

I think Yahoo Pipes is really cool. The main attraction is its slick user interface and ease of use.

I just created a pipe of all of the Recent Questions of Yedda translated using Babelfish to French and it took less than 5 minutes.

I do have a couple of ideas that I think will make Yahoo Pipes into something very interesting:

  • Accept Regular HTML pages
  • Have a built-in Microformats parser
  • Support for a more complex piping scripting (perhaps in the form of a JavaScript script)
  • Support for state saving (or at least a limited way such as the ability to compare the previous version of the page/feed you are piping)

Accept Regular HTML pages
Currently, Yahoo Pipes (at least as far as I’ve figured it out) accepts only feeds (Atom, RDF, RSS, etc). The other building blocks that work with Yahoo Search, Google Base and Flickr eventually output a feed to Yahoo Pipes. Having the ability to retrieve a page instead of a feed and manipulate it will make things a lot more interesting and will allow VERY interesting mashups and ideas.

Built-In Microformats parser
If Yahoo Pipes will accept regular pages, having a built-in Microformats parser will allow people to extract various types of structured information stored in the Microformats on the pages, thus creating richer and more interesting abilities with Yahoo Pipes.

Pipes Scripting
Having custom scripting abilities to Yahoo Pipes will make it really great and will allow a burst of innovation and interesting things composed with Yahoo Pipes. Of course, this feature is the most complex one from both development and security since having 3rd party code run on your servers is always a problematic thing. But, I’m sure the fine people at Yahoo can limit that.

One idea that comes into mind is writing such scripts in JavaScript, thus the whole running of the scripts on top of a page will be contained into a JavaScript environment and can only work on the input of the file being parsed.

State Saving
State saving will allow users to create a more complex pipe that can be aware of changes. The simplest one is to compare to the previous version of the page/feed, thus allowing the pipe writer to figure out what to output.

An interesting pipe example that uses some of the things I’ve talked about above would be to have a pipe that listens to a certain driver vendor’s driver page (most of the driver vendors don’t have a feed that I can subscribe to and know when there are newer versions of a driver and things like that). The pipe would extract the current version and date from the page and compare it to the previous version of that page stored at Yahoo. If it has changed, it will add an item to the pipe’s feed saying that a new version exists, etc.

What do you think? Will this work? Would you be interested in such things?

Help find Jim Gray

If you don’t already know, Jim Gray, a computer scientist and Turing Award winner, disappeared at sea on Jan 28th 2007 while solo sailing his boat on a trip to Farallon Island near San Francisco.

His friend, Werner Vogels – Amazon’s CTO, has harnessed the help of Amazon’s Mechanical Turk to get people to search for any interesting items in a couple of satellite images. If users mark that these images are worth further investigation they will be treated as such.

You can join in and help from here.

I’ve started to help a bit, but there are a couple of things that I think are fairly easy to do and can greatly help:

  1. Image tiles that are completely blank (usually a side effect of the alignment post process of satellite imagery) should not be considered a HIT. It’s easy to check and it’s easy to save unnecessary clicks from people helping out.
  2. I think the tiles can be a bit bigger, thus covering more ground in a single HIT. Bigger tiles might also enable people to see wreckage formations which (god forbid) will give an indication that something has happened.

In addition to that, if the satellite images were released, I’m sure there are more than a few people with knowledge and code that can help identify some of the objects automatically (I know I have more than a few such codes to identify various forms in various sizes in an image).

This might give this help a bigger boost.

I just hope Jim will be found in time.

UPDATE (2007/02/05 16:53 IST): I’m not sure if I’m supposed to publish this, but the directory in which the various Mechanical Turk images are stored is on a server where you can get the satellite images, broken into tiles, in a big zip file. There are ~100 satellite images there. Perhaps some of you (and maybe me if I can find some time) can download it, mash it up back into one picture and run various analysis tools on it.

You can grab the images from here.

I hope it will help find Jim quicker.

Google Docs & Spreadsheets integration with Gmail

Google Gmail recently got a new feature allowing one to open Word documents using Google Docs and we can safely assume that PDF and Excel (for use with Google Spreadsheets) documents are on their way as well.

Sometimes a Word document can be quite big with lots of added stuff like images, drawings and so on.

If Google can handle the on-the-fly (or at least on-mail-receive) Word documents conversions I do think that they can (and hopefully will) handle Movie files conversions like I suggest in my previous post about integrating YouTube/Google Video with Gmail.

Since copyright issues are the same for Word documents, having the movie converted and shown only to the mail recipient shouldn’t be much of a problem.

I wonder if the Gmail team subscribed to RSS alerts on their product the same way as the Google Reader team :-)

Gmail integration with Google Video and/or YouTube

You know what would be a cool feature (and even a useful one) to Gmail?

Integrating Gmail with Google Video and/or YouTube to provide video previewing of videos received as attachments.

I haven’t received a video as an attachment on my Gmail for quite some time now, but I see no reason why it shouldn’t work the same way as it works with previewing attached images.

Gmail could convert the video on the fly to a Google Video/YouTube private film, one that is not posted on the site and is only available to the people using Gmail and allow me to preview it directly.

It’s funny that Gmail gives ~3Gb of space to save stuff but I’m then stuck on downloading 5Mb of some stupid movie someone sent me just to view it, instead of getting a buffered near-real-time viewing experience, the same way I get with pictures (though pictures have rather built-in support inside browsers, which makes the previewing of images very easy to implement and use).

It will also save some bandwidth to Gmail due to the fact that the encoded stream that goes through the Flash player of Google Video or YouTube is in a lesser quality than the original movie, thus allowing most people to view it in a lesser quality (which should suffice to most people) and not download the whole 5Mb+ file.

Gmail team, what say you? (or am I already suggesting a feature that is in the works…)