Wednesday, 8 October 2014

Windoze 10: a preview

I'm still really bad at blogging. I have as many as four posts in queue at a time. Life is complicated.

So I downloaded the Windows 10 Preview and decided to mess around with it in VMware.

Tl;dr it took only ten minutes to install and it's not too interesting yet besides the new! Start Menu.
Carryover from Windows 8 installation.
Microsoft still want you to tell them about everything you do on your Windows.
They're so desperate that they make it as difficult as possible for you to create a local account.
VMware Tools does in fact work without a hitch.
Making sure the reborn Start Menu is enabled.
This is when it dawned on me that I should probably change the theme from the default, you know, personalise it a bit.
Successfully installed my custom-built (on Windows 8) Firefox 64-bit.
Installing 7-zip.
I guess Microsoft trimmed the window borders a bit, but they didn't finish the job just yet.
With the above screenshot, Microsoft just made it impossible via Task Scheduler to disable background system maintenance, which I've found (at least in my Windows 8 VMware instance) to reduce performance significantly by eating disk I/O. I guess since system maintenance includes automatic updates, it might be a good thing to leave it on for now.

Day two of testing had me installing and using some more stuff I used in previous Windows versions.
Blasting music in Windows Media Player 12 and reading my statistics textbook in Adobe Reader Touch.
Quite frankly, one major reason why I still occasionally boot into my Windows virtual machines is Windows Media Player. It simply puts every media player/organiser (so VLC is not in this set of software) I've used on Linux to shame. You just can't get those SRS WOW effects anywhere else.
Scrolling via the wheel now works almost as well as GTK+ ever has. Which means point in the box to scroll and it'll scroll without clicking in it beforehand. Yus!
I neglected to mention this at first, but what the hell are those check boxes that appear when selecting a Windows Shell icon supposed to mean? Oh, I guess in a list-like view it makes selecting multiple items easier than holding Ctrl whilst clicking each item. But it just looks totally stupid in large icons, which I usually have set as default (an old Windows 95 habit/tradition of mine).

That's all for now; the fact that I can post this means that Windows 10 hasn't burnt my virtual machine down yet.

Sunday, 5 October 2014

Unhacked

I took way too long to write this. This really should've been written the Monday or Tuesday after, but apparently I get swamped. No, swamped doesn't include getting in any byke rides other than the usual commuting/transport purposes.

After attending three hackathons previously, it was time to Unhack for hackathon #4.

If you were at Unhackathon and currently reading this, yes I was the guy with the green Penn State shirt, monitor rotated vertically, a buckling spring keyboard, stayed up all night but had to leave right at the end of the demos to catch the bus back to Penn State.

First, some credits. Have to give Hanne and the organising team and volunteers a major one for putting on a smooth-running event despite all the setbacks that occurred, ranging from the move from the Stony Brook University campus to AlleyNYC to finding that no buses were available to charter for the weekend. The fact that this was Unhackathon's first run is just icing on the cake. Had to be my favourite hackathon out of my four participated.

Also shoutout to my Carnegie Mellon peeps Alex, Brandon, (I'm gonna butcher your name spelling) and Kevin who I met first thing upon arrival and sat next to for the entire time. I think I'll have to consider getting an Oculus Rift now.

Anyway, enough of the credits. We made something like this:
Before I go into any implementation details and what purpose it serves, here's some background. Sometimes I pre-plan long road rides, so that includes at least one food/drink stop. Sometimes finding the right place(s) to stop is extremely tedious.

I didn't come into Unhackathon with any ideas on what to build; coming up with ideas isn't something I'm good at unless I have some problem that needs immediate fixing. However, during the opening, we got a demonstration/explanation of ordr.in and their API, so combine that with stuff sneaky bastards do and Coffeestop is born.
So I found Amy and Raymond from Columbia right after opening ended and got to work. We did some design and workflow diagrams to determine the best course of action afterward. Based on our diagramming, we decided on Flask (my third time in a row using this microframework in a hackathon) as the backend.
We originally wanted to use the Strava API to get the GPS route files from, but we quickly realised that just working with the raw .gpx files was easier when the final product is just a prototype.

Clearly we need a large enough dataset of coffee shops, cafés, etc to populate the results based on route, and we eventually found the Yelp API to be good enough for that purpose. It also helped that the API was able to return results based on a radius from a given geographic coordinate, which was gotten from the .gpx files.

And finally, we used the Google Maps JavaScript API to draw the damn map!

Now, the ordr.in integration wasn't as much fun as we thought. Since ordr.in's core service is in food delivery, not also just-in-time pickup, we had to plan on setting the delivery destination to the originating establishment. Okay. But in the end, we ran out of time and sanity to really get that capability even visible alongside the Yelp results.

While we are on the Yelp results, we also ended up with multiples of the same result(s) based on our coordinate-based searching. Since the coordinates that we fed into the Yelp API were relatively near one another, it is expected that in the aggregate results array there exist multiples of the same result. Again, we ran out of time and sanity to fix that, but then again doing the cleansing would have added to the processing time…

Other items claimed by erosion of time and sanity were map markers and info windows of each result, stuff relatively easy to implement. And, thinking about it post-hackathon, this would have allowed us to store the results in a Python Set data structure instead of a List.
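The duplicate problem described above, as an added example (not the Coffeestop code): searches centred on neighbouring route points return the same places, and a set of already-seen ids removes the repeats in one pass. The `id` key, the `search_near` stand-in for the radius search and all sample data are assumptions constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET

GPX_NS = {"gpx": "http://www.topografix.com/GPX/1/1"}

# Constructed sample data: a four-point route and three places (not real).
SAMPLE_GPX = """<gpx xmlns="http://www.topografix.com/GPX/1/1" version="1.1">
  <trk><trkseg>
    <trkpt lat="40.7400" lon="-73.9900"/>
    <trkpt lat="40.7402" lon="-73.9901"/>
    <trkpt lat="40.7500" lon="-73.9900"/>
    <trkpt lat="40.7600" lon="-73.9900"/>
  </trkseg></trk>
</gpx>"""
PLACES = [
    {"id": "cafe-a", "lat": 40.7405, "lon": -73.9900},
    {"id": "cafe-b", "lat": 40.7550, "lon": -73.9900},
    {"id": "cafe-c", "lat": 40.8000, "lon": -73.9900},
]

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def route_points(gpx_text):
    """Extract (lat, lon) for every track point in a GPX 1.1 document."""
    root = ET.fromstring(gpx_text)
    return [(float(p.get("lat")), float(p.get("lon")))
            for p in root.iterfind(".//gpx:trkpt", GPX_NS)]

def search_near(center, radius_m):
    """Hypothetical stand-in for the radius search; filters PLACES locally."""
    return [p for p in PLACES
            if haversine_m(center, (p["lat"], p["lon"])) <= radius_m]

def stops_along(gpx_text, radius_m=1000):
    """Return (unique places in first-seen order, raw hit count)."""
    seen, unique, raw = set(), [], 0
    for point in route_points(gpx_text):
        for place in search_near(point, radius_m):
            raw += 1
            if place["id"] not in seen:  # set membership is O(1)
                seen.add(place["id"])
                unique.append(place)
    return unique, raw
```

The membership test is constant time per result, so the cleanup adds little to the processing time compared with the searches themselves.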

All coding, designing, development work aside, I think the last-minute move to AlleyNYC was really for the better. I wouldn't have been able to work with my two Columbia teammates otherwise (they said they wouldn't have come if Unhackathon were still held on Stony Brook University campus), and the relevant, intimate feel of working in a rather small tech co-working space really made this my favourite hackathon yet.

But this hackathon's main purpose of existence wasn't so much to create the coolest, fanciest hack ever (though there certainly were cool ones there), but to encourage creation of brilliant code and helping one another out. And with that, it's been fun Unhacking. Now onto YHack in a few weeks!

Wednesday, 6 August 2014

How to make a strong password

tl;dr:

If you're reading this then you probably know about the Russian crime ring making out with a shitton of username and password data from many sources. If not, just search for it.

Then I come across this clickbait-type article detailing seven steps toward making a strong password. Actually, there is only one true way to make a strong password, and thankfully it's the first step in that article.

Make it as long and annoying as you possibly can.

But make sure it's memorable without too much effort for you, but a royal pain for anyone else to guess or brute-force it.

I should continue by saying that if every service that uses username and password authentication hashes and (preferably) salts their passwords before sending and ultimately storing them in user databases, this would be this post's end-of-file.

However, as we have witnessed in this massive crack attack, many services apparently have no idea how to do things, and as a result leave themselves as extremely easy targets. I wouldn't be surprised if some of the "victims" store all of their userdata in plaintext and/or don't use SSL, two of the most basic ingredients necessary for adequate data protection.

Hell, whenever I come across a service with any password policy, except (and the only exception) when it solely deals with a minimum length, that immediately rings alarm bells. In the aforementioned password tips article, one point included mixing all sorts of characters around. That reminds me of some moronic password policies requiring at least one of a set of special characters. Maybe it's supposed to help the most brain dead of people make somewhat harder to guess (but worse, somewhat harder to remember) passwords? It's still a sign that such user data is not being protected properly.

The very worst is when I need to use the occasional password reset feature and the password I set is emailed back in total plaintext.

Seriously though, in an ideal situation, SSL would be used during authentication and password data would be all hashed and salted, and no password policy in place except maybe the minimum length line. Let users be as smart or stupid about the passwords they create because the endpoint would be secure. Have cracker(s) guess the stupid ones and probably succeed. Then there would only be a very minimal breach because 1) only the stupid accounts got cracked and 2) nobody else's stuff could be accessed (except when explicitly shared, à la Google Drive). Can't blame the service provider now!
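What "hashed and salted, minimum length only" looks like on the server side, as an added example that is not from the original post. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the salted hash; that choice, the 12-character minimum, the iteration count and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12        # assumption: the only rule enforced on the passphrase
ITERATIONS = 600_000   # assumption: PBKDF2 work factor, stored per record

def _derive(passphrase, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations)

def make_record(passphrase):
    """Return the string to store instead of the passphrase."""
    if len(passphrase) < MIN_LENGTH:
        raise ValueError(f"passphrase must be at least {MIN_LENGTH} characters")
    salt = os.urandom(16)  # fresh random salt for every account
    digest = _derive(passphrase, salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(passphrase, record):
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = _derive(passphrase, bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed record: fail closed
        return False
```

Because each record carries its own salt, two accounts with the same passphrase get different stored strings, and nothing in the table can be emailed back in plaintext.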

Oh, and the proper term really should be passphrase, because apparently password implies a one word secret.

Friday, 13 June 2014

Aluminium: a love/hate relationship

I'm totally aware that I've changed like, everything, despite keeping all the old posts and such. There's more to that, all for another post.

So as I'm doing a drivetrain rebuild on my road bike, there's bound to be lots of twisting. Some involve hex bolts, others involve messing with the cassette cluster in the rear wheel, and even replacing and dishing eight spokes in that wheel.

So far, so good. The wheel is dished satisfactorily with regards to my limited amount of tools compared to a bike shop, new cassette cluster is installed and rim tape ready to roll before I reinstall tube and tyre. The old chain is disconnected and my cranks actually somewhat resemble a spider now that both chainrings are unscrewed. And the old rear derailleur, hanger and shift cables are also headed to the dustbin as well, especially considering that the derailleur and hanger are unusably bent.

But hold up. Whilst removing the rear shift cable and housing, taking the adjusting barrel on the down tube with it, it didn't take much unscrewing effort for the damn thing to crack and separate, leaving my hand with the adjuster head and part of the screw, with the other half still screwed in but running headless.

Before you start assuming variables that got me into this predicament, I do confess the following:
If you're reading this in a non-graphical terminal, or just simply tl;dr, basically, deferred maintenance in the past caused this big time.

But while deferred maintenance was the major player, I do need to highlight the rather poor durability of aluminium fasteners. When dealing with the screw types, a wrong push, pull, shove, etc can have the heads stripped within seconds. The proof is in the strength and yield numbers compared to, say, steel.

But aluminium is what my frame is made of! It's relatively cheap (due to easier manufacturing) and can be made stiff and light in certain ways. Dings in the front three structural tubes are not a problem structurally. But it's a bad idea to use aluminium fasteners! Even with periodic re-greasing and whatnot, something just doesn't sound right.

In the meantime, while I'm back to riding my steel frame fixed gear cyclocross bike around, screw and bolt extractors are calling my name. More to come.