IANAD

Pig Identification Guarantee

Mar 192013

3 Years ago I worked for a client who made use of the RSA Securid system. I was amazed by it. It seemed to add so much security to the systems I was accessing with it. I even liked watching the numbers turn over on the token feeling like a spy. I looked into setting it up for my own personal servers, and I was disappointed when I found out it was financially restrictive. It also frustrated me that I could not maintain the shared secret myself. Letting RSA authenticate my personal laptop was not going to work for me. Especially when it was disconnected from the internet.

I began to look into other two factor authentication solutions that where free software. And I found a few, Perfect Paper Passwords, being one of the more complete solutions. But carrying a sheet and updating it constantly was not a security token. So I began trying to figure out how the RSA tokens worked. I came up with a way of hashing and rehashing a secret on an arduino and then verifying it on my laptop.

/wp-content/uploads/2013/03/wpid-7disp_token1.jpg

It worked great, but not a real solution as an arduino isn’t battery powered or sits comfortably in your pocket. Tim Heath and I started work on the hardware design two years ago. Neither of us had any experience in electronics so it was pretty surprising when our first board functioned.

/wp-content/uploads/2013/03/wpid-pig_rev0.jpg

In between a few of our prototypes Google Authenticator was published. From that I found out about this rfc4226. It made me feel stupid that I had implemented this part of the protocol from scratch. But happy that it matched an IETF standard.

Below is a prototype of our current working design.

/wp-content/uploads/2013/03/wpid-pig_breadboard.jpg

It led to the building of this

/wp-content/uploads/2013/03/wpid-pig_prototype.jpg

Dustin Clark has also built pig client token code for android

/wp-content/uploads/2013/03/wpid-pig_android.png

and iphone

/wp-content/uploads/2013/03/wpid-pig_iphone.jpg

pdf describing the protocol in full in this white paper

Piwik is the FREE google analytics

Uncategorized No Responses »

Aug 302012

Tonight I setup piwik on my server. It is a free software analytics engine for your website. I would say it is very similar in feature set to the popular closed solution provided by google. The large advantages being that you can control your data and not just imediatly send it all too google. piwik also offers inexpensive hosting for this if you do not want to set it up yourself.

Twitter is not a public service.

Uncategorized No Responses »

Aug 172012

As people once again get in an uproar about how twitter is tightening its grip on
developers I am struggling to see why people are getting upset by it. When you
build your software on an api for a non-free product you must either be crazy or
understand that at any point the provider of said product can (and will) change
the rules on you.
Twitter is in the business to make money. They are always going to act in what
they think is their best interest. Even if you believe your api is in their best
interest (and even if it is) it does not matter. What matters is what twitter
thinks is its best interest.

Finally what is most upsetting to me is how people act like this is not fair as
twitter is a public service. This line of thought is ridiculous. Youtube, Flickr,
twitter, facebook, etc. are all private entities. They are not beholden to you.
You aren’t even their customer, you are the product. If that fact and what these
companies do upsets you, than leave them.
Identi.ca is a service similar to twitter with a few major differences.
(1) the software is free software so if they make changes you don’t approve you can clone it
(2) the system is an openhub. If you want to run your own server it can inter-operate.

For each site i listed previously there are free alternatives. So if freedom is
important to you be ready to move. If not then stop whining when twitter
decides they want to take their ball home.

playing with airplay

Uncategorized No Responses »

Aug 162012

Ever since apple came out with their new standard airplay I have been very jelly
of it. It allows for a user to stream videos, music, and photos to a device, in
their design the appletv. XBMC, Totem, and many others though have implemented
the receiver protocol allowing for them to be airplay endpoints to be driven by
iphones and macbooks etc. Which is cool but doesn’t get me any love for my
gnu/linux thinkpad.
When the rasberry pi came out I decided I wanted to build a little xbmc box that I
could carry with me to do remote video playback. I found a ruby library that allows
for pushing airplay video, and images to airplay devices like the appletv and the pi.
I downloaded and got it working, but it didn’t support streaming files locally, only
via http. So I learned me a little ruby and wrote the script below. It takes an
http/s url or a local file url and serves them up for the airplay receiver. It
works great. give it a try

#!/usr/bin/ruby
#code is written by Matthew O'Gorman 2012 Licensed Gplv3
require 'webrick'
require 'airplay'
require 'uri'
require 'socket'

class Streamer < WEBrick::HTTPServlet::FileHandler
  def initialize(server, v, f, l)
    super(server, l)
    @valid_ip = v
    @valid_file = f
    @local_path = l
  end

def prevent_caching(res)
    res['ETag']          = nil
    res['Last-Modified'] = Time.now + 100**4
    res['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
    res['Pragma']        = 'no-cache'
    res['Expires']       = Time.now - 100**4
  end

def do_GET(req, res)
  super
  print "yup \n" + req.remote_ip + "\n" + req.path + "\n"
  print "uh hu " + @valid_ip + " " + @valid_file + "\n"
  path = req.path.slice!(0)
  if (req.remote_ip != @valid_ip) then
    if (path != @valid_file) then
      print "invalid request\n"
      res.status = 403
      res['Content-Type'] = "text/html"
      res.body = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You are not the airplay server we are looking for!</p><hr><address>WEBrick airplay server 0.1</address></body></html>"
      return res
    end
  end
    prevent_caching(res)
end

end

def Local_ip
  orig, Socket.do_not_reverse_lookup = Socket.do_not_reverse_lookup, true  # turn off reverse DNS resolution temporarily

  UDPSocket.open do |s|
    s.connect '64.233.187.99', 1
    s.addr.last
  end
ensure
  Socket.do_not_reverse_lookup = orig
end


client = Airplay::Client.new
client.browse

if (ARGV[0] =~ URI::regexp) then
  print "playing url " + ARGV[0] + "\n"
  player = client.send_video(ARGV[0])
  # Correct URL
elsif (File.readable?(ARGV[0])) then
  print "playing file " + ARGV[0] + "\n"
  dir = File.dirname(ARGV[0])
  Dir.chdir(dir)
  

  s = WEBrick::HTTPServer.new(:IP => "0.0.0.0", :Port => 3000)
  valid_ip = client.servers[0].ip
  valid_file = File.basename(ARGV[0])
  s.mount "/", Streamer, valid_ip, valid_file, Dir.pwd
  trap('INT') { s.shutdown }
  child = fork do
    sleep 2
    url =  "http://" + Local_ip() + ":3000/" + valid_file
    print url
    print "\n"
    player = client.send_video(url)
  end
    s.start
    exit
else
       print "Not a uri or a readable file.  nothing to do\n"
end

Hello Location 2.0 Redux

Uncategorized No Responses »

Aug 152012

This is a rewrite of my location script from earlier. It now uses the widget api which is
awesome as it lets you store the id in the db and put it more places than just the footer.

<?php
/*
Plugin Name: Hello Location
Plugin URI:http://ineedtopostthisplaces.com
Description: shows your latitude location to a city level.
Author: Matthew O'Gorman
Version: 2.0
Author URI: http://b.rldn.net

    Hello Location is released under the GNU General Public License (GPLv3)

http://www.gnu.org/licenses/gpl.txt

    This is a WordPress plugin (http://wordpress.org) and widget
    (http://automattic.com/code/widgets/).
*/

function hello_location_init() {

    // Check to see required Widget API functions are defined...
    if ( !function_exists('register_sidebar_widget') || !function_exists('register_widget_control') )
        return; // ...and if not, exit gracefully from the script.

    // This function prints the sidebar widget--the cool stuff!
    function hello_location($args) {
	extract($args);

        // Collect our widget's options, or define their defaults.
        $options = get_option('hello_location');

	$googleLatID=$options['latitude_id'];
	$url ="http://www.google.com/latitude/apps/badge/api?user=".$googleLatID."&type=json";
        $text="Mog is hiding or turned his phone off";
	if(empty($options['latitude_id'])) {
		$text="I need to be configured to work.";
	} else {
		try{
			$contents = file_get_contents($url);
			$contents = utf8_encode($contents);
			$results = json_decode($contents, true);
			$text="I am in ".$results['features'][0]['properties']['reverseGeocode']." probably...";
		}
		catch (Exception $e){
			$text="Google won't tell you where I am";
		}
	}
        echo $before_widget;
        echo $before_title . $after_title;
        echo $text .  $googleLatId;
        echo $after_widget;
    }

    // This is the function that outputs the form to let users edit
    // the widget's title and so on. It's an optional feature, but
    // we'll use it because we can!
    function hello_location_control() {

        // Collect our widget's options.
        $options = get_option('hello_location');

        // This is for handing the control form submission.
        if ( $_POST['hello_location-submit'] ) {
            // Clean up control form submission options
            $newoptions['latitude_id'] = strip_tags(stripslashes($_POST['hello_location-latitude_id']));
        }

        // If original widget options do not match control form
        // submission options, update them.
        if ( $options != $newoptions ) {
            $options = $newoptions;
            update_option('hello_location', $options);
        }

        // Format options as valid HTML. Hey, why not.
        $latitude_id = htmlspecialchars($options['latitude_id'], ENT_QUOTES);

// The HTML below is the control form for editing options.
?>
        <div>
        <label for="hello_location-latitude_id" style="line-height:35px;display:block;">Latitude ID: <input type="text" id="hello_location-latitude_id" name="hello_location-latitude_id" value="<?php echo $latitude_id; ?>" /></label>
        <input type="hidden" name="hello_location-submit" id="hello_location-submit" value="1" />
        </div>
    <?php
    // end of hello_location_control()
    }

    // This registers the widget. About time.
    register_sidebar_widget('Hello Location', 'hello_location');

    // This registers the (optional!) widget control form.
    register_widget_control('Hello Location', 'hello_location_control');
}

// Delays plugin execution until Dynamic Sidebar has loaded first.
add_action('plugins_loaded', 'hello_location_init');
?>

Griff the Invisible review

Uncategorized No Responses »

Aug 152012

wp-content/uploads/2012/08/wpid-griff.jpg
I give it a 1 out of 1!
This movie is unlike all super hero movies out in the past few years. Weird does
not begin to describe it. Griff is an average office worker by day and crime
fighter by night, or so it seems. As the movie progresses and reality degrades
in a fun and interesting way that I haven’t seen in a long time. Also
Australian accents are funny and it stars Jason from true blood.

Give it a watch on netflix netflix.

(also first post from emacs with images and links woot woot)

Hello, World! (blogging from within emacs)

Uncategorized No Responses »

Aug 142012

*test
**this is me testing the org2blog emacs module for wordpress. It is available in emacs
package repository. It supports fancy org2blog conversion but this first try I am
going to have it just post this buffer. Well that didn’t seem to work, but after much hacking
I know have a patch for org2blog and a org file that converted without problems…
yay gnu/emacs

diff --git a/org2blog.el b/org2blog.el
index a517875..e4c2915 100644
--- a/org2blog.el
+++ b/org2blog.el
@@ -676,6 +676,11 @@ Entry to this mode calls the value of `org2blog/wp-mode-hoo
                    t 'string)))
           (setq html-text (org-no-properties html-text)))
         (setq html-text (org2blog/wp-upload-files-replace-urls html-text))
+        (message "first!! %s" html-text)
+        (while (string-match "<p>" html-text)
+          (setq html-text (replace-match "&gt;p&lt;" t t html-text)))
+        (while (string-match "</p>" html-text)
+          (setq html-text (replace-match "&gt;/p&lt;" t t html-text)))
         (unless keep-new-lines
           (setq html-text (org2blog/wp-strip-new-lines html-text)))
         (when sourcecode-shortcode


and more text after the block!

getting to local http servers easily…

Uncategorized No Responses »

Aug 132012

I often have to work on a remote couchdb database. I usually am just going through the futon interface so I have a firefox profile set to use a socks v5 proxy on localhost that i initiate by running
ssh -D12345 mog@remotehost.com

and this worked great. but the other day I needed to do something very similar from the cli but couldn’t figure out how at first. Here is the easy way to add socks v5 support to any program on gnu/linux system

#apt-get install tsocks
cat << EOF >> /etc/tsocks.conf
server = 127.0.0.1
server_type = 5
server_port = 12345
EOF
alias proxy="LD_PRELOAD=/usr/lib/libtsocks.so"
proxy couchapp push office

and the day was saved!

Ressurect Dead

Uncategorized No Responses »

Apr 092012

I just finished watching “Ressurect Dead.” It is a documentary about the mysterious Toynbee tiles placed through out the world. The team of misfits goes about looking for the anonymous tiler and the meaning behind the message. It was a very interesting film. The movie is well paced keeping you on your edge with each clue being revealed. I highly
recommend this film for anyone who likes a documentary or a good mystery. I heard about this movie from The Spill .

I give the movie a 1 out of 1.

prototyping security token.

Uncategorized No Responses »

Apr 032012

Working on my security token project. In the picture is the new ftdi 231xs-r chip. It is a very inexpensive uart-usb chip. After upgrading my kernel to the newest stable linux branch, 3.2.14. I got it working on my machine. There it is running the arduino blink code.

Older Entries