EFF’s Dice Random Number Generator digitized to become DicePass.org

TL;DR – this is why (and how) I created the electronic version of EFF’s Dice.

I love the Electronic Frontier Foundation (EFF) and believe in their just cause. I support it as much as I can and try to educate as many people as I can about their rights and privileges online and how to behave correctly in this newfound jungle.

A while back I got a post about their new “toy”/campaign EFF’s Random Number Generator also known as Dice.

The idea behind it is to help people generate more secure passwords that they can actually remember, and the means to do it is as simple as it gets: a die. Or 5 (if you want to optimize).

The concept is simple.

  1. Roll a die and record the digit. Do it 5 times.
  2. These 5 digits now form a 5-digit number.
  3. Look up the word associated with this number in a wordlist such as this one.
  4. Repeat the process 6 times so that at the end you have 6 words.
  5. You are now the proud owner of a passphrase that has roughly 2⁷⁷ variations (that’s about 221,073,919,720,733,357,899,776 variations)!

That’s it.

So simple. If the words you got are reasonable enough you can even construct a sentence from it and it will be even easier to remember.

EFF created these 5 custom dice as part of their summer security reboot, so it takes a lot less time to physically generate the passphrase.

While I enjoy rolling dice as much as the next person, I thought it would be interesting to create a (rather) secure version of it that can (if needed) be hosted online.

While investigating secure pseudo-random number generators (PRNGs) in JavaScript I found out about crypto.getRandomValues, an API implemented in modern browsers that draws its randomness from the operating system’s PRNG (find out whether your browser supports it).
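The five steps above, driven by the same kind of OS-backed random source that crypto.getRandomValues exposes, as an added example in Python (this is not the DicePass code; os.urandom stands in for getRandomValues, and the wordlist is a constructed placeholder with the same 7776 keys as the EFF list, not the real list):

```python
"""Added example (not the DicePass code): the EFF Dice procedure in Python.

Python has no crypto.getRandomValues; os.urandom plays the same role (bytes from the
operating system's CSPRNG). The wordlist below is a constructed placeholder with the
same 7776 keys as the EFF list, not the real list.
"""
import itertools
import math
import os


def build_placeholder_wordlist():
    """Every 5-digit key over the digits 1-6 maps to a stand-in word (constructed)."""
    return {"".join(d): "word" + "".join(d) for d in itertools.product("123456", repeat=5)}


def os_byte_source():
    """Default byte source: one byte from the OS CSPRNG (what getRandomValues wraps)."""
    return os.urandom(1)[0]


def roll_die(byte_source=os_byte_source):
    """Roll one fair die from random bytes without modulo bias.

    256 is not a multiple of 6, so `byte % 6` alone would favour the faces 1-4.
    Bytes at or above 252 (the largest multiple of 6 that fits) are discarded
    and a fresh byte is drawn.
    """
    while True:
        b = byte_source()
        if b < 252:
            return b % 6 + 1


def roll_key(byte_source=os_byte_source):
    """Steps 1-2: five rolls form one five-digit key such as '31415'."""
    return "".join(str(roll_die(byte_source)) for _ in range(5))


def generate_passphrase(wordlist, words=6, byte_source=os_byte_source):
    """Steps 3-4: look up one word per key, repeated `words` times."""
    chosen = []
    for _ in range(words):
        key = roll_key(byte_source)
        if key not in wordlist:
            raise KeyError(f"wordlist has no entry for {key}")
        chosen.append(wordlist[key])
    return chosen


def passphrase_entropy_bits(words=6, list_size=7776):
    """Step 5: log2(list_size ** words); six words from 7776 is about 77.5 bits."""
    return words * math.log2(list_size)


def scripted_byte_source(values):
    """Deterministic byte source for tests: yields the given bytes in order."""
    it = iter(values)
    return lambda: next(it)


if __name__ == "__main__":
    table = build_placeholder_wordlist()
    print(" ".join(generate_passphrase(table)))
    print(f"~{passphrase_entropy_bits():.1f} bits of entropy")
```

The rejection step in roll_die is the part worth copying: reducing a random byte with `% 6` directly would give the faces 1 to 4 a 43/256 chance each and 5 and 6 only 42/256, quietly shaving entropy off every passphrase.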

So, I’ve created DicePass (you can also get the code on Github). You can use the hosted version or clone the repository and run it locally (just open index.html in your browser).

The hosted version doesn’t use any tracking code (no Google Analytics) or 3rd parties that can track you. Even the share buttons are a custom implementation using a URL that opens in a new window/tab to protect your privacy.

Feedback, comments and pull requests are welcome.

Enjoy, and use long random passphrases!


nsq-to-gs – Streaming NSQ messages directly to Google Cloud Storage


In addition to my previously published (very early) project to stream NSQ messages directly to BigQuery, I am happy to present a modified version of nsq-to-s3 that supports streaming NSQ messages directly to Google Cloud Storage.

Grab it while it’s hot from the nsq-to-gs repo.

I do see a future for a merged version of these two projects that supports both S3 and Google Cloud Storage but this would have to be enough for now.


The current version has the same functionality as the latest nsq-to-s3 version and was adapted to support Google Storage with minor modifications (such as the default path and filename formats).

gonionoo – Go wrapper for the Tor Network Status Protocol – OnionOO

I’ve been running a Tor exit node in the Netherlands since August 2013. I believe in the cause of Tor and it was only a matter of time before I started contributing code in some form or another.

gonionoo is a Go wrapper for OnionOO, the Tor Network Status protocol, and is the first step in a slightly larger project I’m working on that I’ve been planning ever since I became a Tor exit node operator.

The OnionOO API has lots of interesting data on the Tor network. You can see it visualized as part of the Atlas project.

UIImage in iOS 5, Orientation and Resize

One of the things I found very strange is the fact that most UIImage operations that shipped prior to iOS 5 didn’t take into account the orientation of the image. This meant that if you wanted to read a picture from the camera roll and resize it, you’d have to roll your own code to correctly flip and/or rotate the image according to its orientation value.

Being my lazy self I used the fine code of Trevor Harmon in UIImage+Resize. Trevor added some categories to make handling UIImage a bit nicer. The code takes care of everything, including orientation.

My app worked great on iOS 4 and early betas of iOS 5, however in the late beta of iOS 5 and in the release it wrongfully rotated the images.

After further investigation it seems iOS 5 already rotates the image correctly. UIImage+Resize rotated it again, causing the images to get skewed.
A quick fix would simply avoid the transposition code in UIImage+Resize.

Since the code ran perfectly fine on iOS 4, for backwards compatibility I added a check for the OS version, and for anything below 5.0 the old transposition code still runs.
Check out this gist:

For better performance I would store a boolean flag somewhere in the app saying you are running on iOS 5 and check that, instead of checking the OS version on every run, but this is just to get you started.

Clone S3 Bucket Script

I had to back up an S3 bucket, so I whipped up a small script to clone a bucket.

It’s written in Python and depends on the excellent Boto library. If you are running Python < 2.7 you’ll also need the argparse library (both available also via pip).

View the gist here: https://gist.github.com/1275085

Or here below:

Determine if an Email address is Gmail or Hosted Gmail (Google Apps for Your Domain)

For my latest venture, MyFamilio, I needed to know if a user’s Email address is a Gmail one so that I could show the user his/her contacts from Gmail.

Figuring out if the user is on Gmail is usually easy: the Email ends with @gmail.com. But what happens for all of those Google Apps for Your Domain accounts (like my own, which uses the @sandler.co.il domain)?

Well, you can easily detect that by running a DNS query on the MX record.

I wrote a small function in Python which uses dnspython to do just that: determine whether an Email address is hosted on Gmail or not.

Check the gist here.
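The MX-based check described above, as an added example (this is not the gist from the post; it assumes dnspython 2.x for the live lookup, and the Google mail-host suffixes are the ones Google-hosted domains point their MX records at):

```python
"""Added example (not the gist from the post): is an address on Gmail, either a plain
@gmail.com address or a domain whose mail is hosted by Google?

Assumes dnspython 2.x for the live lookup; it is imported lazily so the decision
logic runs, and is testable, with a stubbed resolver.
"""

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}
# Google-hosted domains point their MX records at hosts under these suffixes.
GOOGLE_MX_SUFFIXES = (".google.com", ".googlemail.com")


def mail_domain(address):
    """Lower-cased domain part of an address, or None when there is no local@domain."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def lookup_mx(domain):
    """Live lookup: exchange host names ordered by preference (primary first);
    empty list when the domain has no MX records, does not exist, or times out."""
    import dns.exception
    import dns.resolver
    try:
        answer = dns.resolver.resolve(domain, "MX")
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer,
            dns.resolver.NoNameservers, dns.exception.Timeout):
        return []
    ordered = sorted(answer, key=lambda rdata: rdata.preference)
    return [str(rdata.exchange).rstrip(".").lower() for rdata in ordered]


def is_google_hosted_mx(exchanges):
    """True when the primary (lowest-preference) exchange is a Google mail host.
    The suffixes keep their leading dot so 'mail.evilgoogle.com' does not match."""
    if not exchanges:
        return False
    return exchanges[0].lower().rstrip(".").endswith(GOOGLE_MX_SUFFIXES)


def is_gmail_address(address, mx_lookup=lookup_mx):
    """Plain Gmail domains short-circuit; anything else needs the MX check."""
    domain = mail_domain(address)
    if domain is None:
        return False
    if domain in GMAIL_DOMAINS:
        return True
    return is_google_hosted_mx(mx_lookup(domain))


if __name__ == "__main__":
    import sys
    for addr in sys.argv[1:]:
        print(addr, is_gmail_address(addr))
```

Two things to keep in mind when using this: the answer only says where the domain’s mail is delivered, so treat it as a hint about which contacts importer to offer rather than as anything the user has proven; and a plain DNS answer is unauthenticated and can change at any time, which is why the lookup is kept separate from the decision logic and failures simply return "not Gmail".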

Extract GPS Latitude and Longitude Data from EXIF using Python Imaging Library (PIL)

I was searching for an example of using the Python Imaging Library (PIL) to extract the GPS data from the EXIF data in images.

There were various half baked examples that didn’t handle things well, so I baked something of my own combining multiple examples.

You can get it here: https://gist.github.com/983821

Or see it embedded below:
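As an added example (this is not the gist from the post), here is the same extraction written against Pillow, the maintained PIL fork; it assumes a Pillow with Exif.get_ifd, the tag numbers are the standard EXIF GPS IFD tags, and the sample GPS block at the bottom is constructed:

```python
"""Added example, not the gist from the post: pull GPS coordinates out of EXIF.

Assumes Pillow (the maintained PIL fork) with Image.Exif.get_ifd; the tag numbers
below are the standard EXIF GPS IFD tags. Pillow is imported lazily so the pure
conversion helpers run without it.
"""
from fractions import Fraction

GPS_IFD_TAG = 34853  # EXIF tag id of the GPSInfo sub-IFD
# Tag ids inside the GPS IFD (the same numbers PIL.ExifTags.GPSTAGS uses).
GPS_TAG_NAMES = {1: "GPSLatitudeRef", 2: "GPSLatitude",
                 3: "GPSLongitudeRef", 4: "GPSLongitude"}


def _to_float(value):
    """EXIF rationals arrive as (numerator, denominator) tuples in old PIL and as
    IFDRational objects (float()-able) in modern Pillow; handle both."""
    if isinstance(value, tuple) and len(value) == 2:
        num, den = value
        return float(Fraction(int(num), int(den)))
    return float(value)


def dms_to_decimal(dms, ref):
    """(degrees, minutes, seconds) plus a hemisphere ref -> signed decimal degrees."""
    degrees, minutes, seconds = (_to_float(v) for v in dms)
    decimal = degrees + minutes / 60.0 + seconds / 3600.0
    if ref in ("S", "W"):
        decimal = -decimal
    return decimal


def gps_from_ifd(gps_ifd):
    """Take a GPS IFD dict keyed by numeric tag id; return (lat, lon) or None."""
    named = {GPS_TAG_NAMES[k]: v for k, v in gps_ifd.items() if k in GPS_TAG_NAMES}
    required = ("GPSLatitude", "GPSLatitudeRef", "GPSLongitude", "GPSLongitudeRef")
    if not all(key in named for key in required):
        return None  # a GPS block without coordinates is common on scrubbed files
    lat = dms_to_decimal(named["GPSLatitude"], named["GPSLatitudeRef"])
    lon = dms_to_decimal(named["GPSLongitude"], named["GPSLongitudeRef"])
    return lat, lon


def extract_gps(path):
    """Open an image; return (lat, lon) in decimal degrees or None if no GPS data."""
    from PIL import Image  # lazy import: only needed for real files
    with Image.open(path) as img:
        gps_ifd = img.getexif().get_ifd(GPS_IFD_TAG)  # empty dict when absent
    if not gps_ifd:
        return None
    return gps_from_ifd(dict(gps_ifd))


# Constructed sample GPS IFD in the old PIL tuple form: 52°22'12.00"N, 4°53'24.00"E
SAMPLE_GPS_IFD = {
    1: "N", 2: ((52, 1), (22, 1), (1200, 100)),
    3: "E", 4: ((4, 1), (53, 1), (2400, 100)),
}

if __name__ == "__main__":
    print(gps_from_ifd(SAMPLE_GPS_IFD))
```

The conversion is kept separate from the file I/O on purpose: the half-baked examples the post mentions usually break on exactly this boundary, either assuming every rational is a tuple or assuming every photo with a GPS block actually carries coordinates.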

OAuth C# (very) Basic Library

I know it took me a while (sorry) but I had a couple things on my plate.

At first I wanted to release a more complete integration of OAuth within ASP.NET, but that will have to wait to the next time frame I can allocate to work on this.

In the meantime, there is some basic C# code in the OAuth code repository which generates the OAuth signature, which is the most complicated thing to implement in the spec (not that it’s that difficult to implement :-) It’s actually quite easy).

To use the C# code, simply do this (based on the samples in the spec):

using OAuth;

OAuthBase oauth = new OAuthBase();
Uri url = new Uri("http://photos.example.net/photos?file=vacation.jpg&size=original");
// Arguments: consumer key, consumer secret, token, token secret (the spec's sample values),
// HTTP method, timestamp, nonce and signature type.
string signature = oauth.GenerateSignature(url, "dpf43f3p2l4k3l03", "kd94hf93k423kf44",
    "nnch734d00sl2jdk", "pfkkdhi9sl3r4s00", "GET", oauth.GenerateTimeStamp(),
    oauth.GenerateNonce(), OAuthBase.SignatureTypes.HMACSHA1);

After that you can concatenate the relevant query parameters as well as the signature value to the URL and use it.

If you have a different timestamp and/or nonce generation method, you can inherit and override these methods.

If you require a hashing algorithm other than the default HMAC-SHA1 or PLAINTEXT (which MUST be used with a secure communication channel such as HTTPS), you can use the “GenerateSignatureBase” method to generate the signature base string and then call “GenerateSignatureUsingHash”, passing the signature base and the hash algorithm you are using.
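The two halves that GenerateSignatureBase and GenerateSignatureUsingHash split apart, carried out end to end in Python as an added example (this is not the blog’s C# library; it uses the request and keys from the spec’s sample that the snippet above passes, and fixes the timestamp and nonce so the run is reproducible, whereas a real client generates a fresh nonce per request):

```python
"""Added example (not the blog's C# library): OAuth 1.0 HMAC-SHA1 signing in Python.

Uses the request from the spec's sample that the post's snippet passes. Timestamp and
nonce are fixed here so the output is reproducible; a real client generates a fresh
nonce and current timestamp for every request.
"""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def oauth_encode(value):
    """Percent-encode per RFC 3986: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="-._~")


def normalized_url(url):
    """Scheme and host lower-cased, default ports dropped, query string removed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port
    default = (parts.scheme == "http" and port == 80) or (parts.scheme == "https" and port == 443)
    if port and not default:
        host = f"{host}:{port}"
    return f"{parts.scheme.lower()}://{host}{parts.path}"


def signature_base_string(method, url, oauth_params):
    """What GenerateSignatureBase does: METHOD&enc(url)&enc(sorted k=v params).
    Query parameters and oauth_* parameters are merged; oauth_signature is excluded."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    encoded = sorted((oauth_encode(k), oauth_encode(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), oauth_encode(normalized_url(url)), oauth_encode(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    """What GenerateSignatureUsingHash does with HMAC-SHA1: the key is
    enc(consumer_secret)&enc(token_secret), the result base64-encoded."""
    key = f"{oauth_encode(consumer_secret)}&{oauth_encode(token_secret)}".encode("ascii")
    digest = hmac.new(key, base_string.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_request(method, url, consumer_key, consumer_secret, token, token_secret,
                 timestamp, nonce):
    """Client side: build the oauth_* parameters, the base string, then the signature.
    Returns (base_string, signature, oauth params including oauth_signature)."""
    oauth_params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, oauth_params)
    signature = hmac_sha1_signature(base, consumer_secret, token_secret)
    return base, signature, {**oauth_params, "oauth_signature": signature}


def verify_signature(method, url, params, consumer_secret, token_secret=""):
    """Server side: recompute from the received parameters and compare in constant time."""
    supplied = params.get("oauth_signature", "")
    expected = hmac_sha1_signature(signature_base_string(method, url, params),
                                   consumer_secret, token_secret)
    return hmac.compare_digest(supplied, expected)


# The spec's sample request, with the keys the post's C# snippet passes.
SAMPLE_URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"
SAMPLE = dict(consumer_key="dpf43f3p2l4k3l03", consumer_secret="kd94hf93k423kf44",
              token="nnch734d00sl2jdk", token_secret="pfkkdhi9sl3r4s00",
              timestamp=1191242096, nonce="kllo9940pd9333jh")

if __name__ == "__main__":
    base, sig, params = sign_request("GET", SAMPLE_URL, **SAMPLE)
    print(base)
    print(sig)
```

Running it prints the signature base string and the signature, which you can compare against the worked example in Appendix A of the OAuth Core 1.0 spec. The verify_signature half is the part libraries tend to leave out: the receiving side must rebuild the base string from the parameters it actually received (never trust a client-supplied base string) and compare with hmac.compare_digest rather than `==`.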

That’s about it. I’ll update when I’ll have some more integrative code.

Yedda Twitter .NET / C# Library

This is a bit of shameless promotion but I think it’s worthwhile nevertheless :-)

One of the things I did lately on my day job (Yedda) was to integrate it with Twitter (check the integration here and add Yedda as your friend!).

Yedda is all about sharing and us sharing things like code with the rest of the world is no exception.

So, without further ado, I’m proud to present the Yedda Twitter .NET / C# Library (you will see that it’s more of a wrapper than a library… really ;-) ). The post about it in our Dev Blog is here and the details, source and binary are here.

The code is free as in beer and is provided on an “AS IS” basis.

If you have questions about the library, Twitter, C#, .NET, the API, the meaning of life etc, feel free to ask on Yedda.

Blindly go where all men have gone before

I ran into this post today.

It mainly talks about the extremes a great deal of developers “ping-pong” between during their lifetimes. They catch the buzzwords as they fly, and instead of reviewing them and taking a few pointers that could enhance their current development procedure and cycle, they completely and utterly soak themselves in the new thing and forget anything that existed before it.

I had the dubious luxury of assisting on a project where it was simply frightening to send a few of the developers to any software-related conference (even a one-day review). They would immediately get enlightened by whatever it was they heard at that conference and start changing every piece of code or procedure they knew to accommodate the new “Torah” they were given on their imaginary “Mt. Sinai”.

For example, I worked with one developer who, after returning from a design patterns course, started to change every bit of code to accommodate some design pattern from the book. Sometimes she used the wrong design pattern just to use a design pattern, no matter what.

The funny thing is that most of these people are not that absolutist in their personal lives, so what makes them go to such extremes in their developer lives?

I think that coding style, architecture style, understanding requirements and everything else related to the software industry is mostly gained by experience and experimentation.
Learn all you can and integrate with what you know and already have. That is the right path.

I personally think that before starting any big project, one must understand the requirements. After doing so it is usually best to evaluate various technologies and see if they can be used to accommodate the needs of the project.

Most infrastructures are tuned in the 80/20 way. They are tuned for 80% of the types of applications and less so for the remaining 20%.
That is why, if your project has some special needs, there is a real need to write sample code that tests the issues that might be problematic in the project.

These are just my 2 cents on the matter. Read the link I gave. It’s REALLY REALLY funny and educational.