
Sunday, August 17, 2014

Protip #3: You do want your OpenPGP key to expire

You think you don’t, but you really do. You are probably thinking you don’t want to have to transition to a new key on some arbitrary date. But you can always extend the expiration later. And if you lose your key and don’t have a revocation certificate, the expiration date serves as a kind of “dead man’s switch”. If you don’t prevent it from being triggered by extending the date, your key will be automatically invalidated. This way, if you lose your key (and you don’t have a revocation certificate or have lost that, too), your key will not remain valid forever.

If you use Thunderbird with the Enigmail extension, per my previous tutorial, it is pretty easy to change your key’s expiration date from the Key Management interface. Right-click your key and select Change Expiration Date. Then you can select how many years, weeks, or days it should be until your key expires.




Of course, you will need to re-upload your public key so that your friends can get the extended expiration from the key server. You can also do the same with GnuPG from the command line, but I’ll leave that as an exercise to the reader.

And now you have no reason to have no expiration date on your keys!

Friday, July 18, 2014

Create your Own Word Searches on Debian, Ubuntu, Mac OS X, or Windows

Creating your own word search is really simple. They can be easily generated by software, given a simple word list, and I’m going to share just such an application with you today. Word Search Creator is a desktop word search generator licensed under the GPLv2 (so it is free as in freedom, as well as price). The downloads page has packages specifically for Ubuntu, Windows, or Mac OS X. These are pretty straight-forward to install. Ironically, there is no package for Debian (the parent distro from which Ubuntu is derived), and the Ubuntu package is not installable on Debian stable. But no worries, this is open source software! So for Debian we will just install from source.

Installing from source on Debian

Before we can install Word Search Creator, we need to install the Qt4 developer tools:

aptitude install qt4-dev-tools

Now, download the source, unpack it and cd to the unpacked source directory. To build the application, just:

qmake
make


In order to install it system wide, as root:

make install

If you are running KDE, run kbuildsycoca4 to rebuild your application menus.

Create a Word Search

When you first open Word Search Creator, there is a control box on the right side that you use to create the word search. Here you can type in a word list and set the size of the grid (or set it to automatically enlarge based on the words you give it). Type in a title and hit Create/Shuffle to generate your word search (hitting it again will, as the name suggests, shuffle your word search).


The menus give you a number of other options you can set. By default, words are only hidden left to right or top to bottom, but you can choose which directions are allowed. You can also choose how the word list is ordered, and edit the formatting. Perhaps one of the coolest features is the ability to change the shape of the puzzle by excluding squares from the grid.


Having fun with it

You can work the puzzle right there on screen, highlighting the words as you find them, and they will automatically get struck off the list.


You can also save it as a word search file, export it to pdf or svg, or copy it to the clipboard as an image (Ctrl + C). Working with it as an image, you can also use an image editor to decorate your word search. Here, I have simply filled in the empty squares and given it a yellow background color to highlight the smiley face.

And here is a full page puzzle.


Try it out yourself, and have fun!

Wednesday, June 25, 2014

Windows Browser Benchmarks

Ok, so this is a bit off topic for this blog as it isn’t really a how-to, but I thought it might be interesting to my audience nonetheless. I ran the major browsers through four different benchmarks: Google’s Octane 2.0, Mozilla’s Kraken 1.1, and Apple’s new JetStream and Speedometer (the latter focuses on measuring the responsiveness of web apps by simulating user interactions). For graphing purposes, I normalized the scores on the various benchmarks so that the fastest browser was always 100 (this also means inverting scores for Kraken, which measures time rather than some unit of speed).

To make things interesting, I decided to include some less common variants, as well as the major browsers. I have been hearing about optimized Firefox-derivatives like Pale Moon and Waterfox and wanted to see how they stack up. Here is what I found:



The official Mozilla build was generally faster, although Waterfox was a bit ahead on the Kraken. Pale Moon was consistently last. Both Waterfox and Pale Moon are based on older versions of Firefox. Apparently, the optimizations don’t make up for the improvements in newer versions of Mozilla Firefox, at least not at this time.

And here is how Mozilla Firefox stacks up against other major browsers:


Firefox was the leader except on Octane, where it was pretty close behind Chrome and Opera (which is now based on Chrome, hence the very similar scores). Internet Explorer was consistently near the bottom, losing on both Octane and the Kraken by a wide margin. Although it wasn’t last on Speedometer and JetStream, even coming in second on Speedometer, it was still nearer the bottom than it was to catching Firefox in the lead.

And here I put them all on one chart for a more complete overview:


Finally, I decided to do a combined comparison by looking at how far behind the lead each browser was on each benchmark. This graph is like a target with the bullseye in the center. A browser that was fastest on all benchmarks would be dead center, and the one losing by the widest combined margin would be furthest from the center:

Here we can see that Firefox was the clear winner. Waterfox still outperformed Chrome and Opera, while Pale Moon fell behind them. Internet Explorer was clearly last. Note, however, that the benchmarks are not really meant to be combined in this way and you could probably easily shift these rankings by choosing different benchmarks. Nevertheless, I think the results are interesting.

And for anyone who is particularly interested, here are the original numbers:


| Browser | Octane | Kraken | Speedometer | JetStream |
|---|---|---|---|---|
| Firefox 30 | 9169 | 3709.8 | 25.57 | 65.589 |
| Pale Moon 24 | 7005 | 4413.8 | 19.15 | 57.805 |
| WaterFox 28 | 8483 | 3405.5 | 21.5 | 62.103 |
| Chrome 35 | 9698 | 3824.3 | 16.1 | 55.168 |
| Opera 22 | 9551 | 3853.7 | 15.7 | 46.022 |
| Internet Explorer 11 | 6416 | 6286.4 | 18.14 | 50.282 |

Wednesday, May 7, 2014

Generating and learning strong passwords, Python version

Just for fun, I rewrote my password shell scripts in Python. These scripts work essentially the same way and are compatible with the scripts from the previous post. The real purpose of this exercise is to give you the chance to compare some of the syntax and features of the languages.

This is my first post using Python, but I’m not going to explain all of the basics of Python syntax here. If you aren’t familiar with Python, you may want to read a tutorial or introduction to the language first.

Here is what genpw.py looks like:

#!/usr/bin/python3

import random
import sys

chars = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '!', '"', '#', '$', '%', '&', '\'', '(', ')', '*', '+', ',', '-', '.', '/', ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '^', '_', '`', '{', '|', '}', '~' ]
length = 13
pw = ""

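# Parse the command line options
for i in range(1, len(sys.argv)):
    if sys.argv[i] == "--alnum":
        chars = chars[0:62]
    elif sys.argv[i] == "--length":
        length = int(sys.argv[i+1])
    elif sys.argv[i] == "--forbidden":
        forbiddenchars = sys.argv[i+1]
        for ch in forbiddenchars:
            # A forbidden character may already be gone (e.g. after --alnum)
            if ch in chars:
                chars.remove(ch)

# Passwords need the OS CSPRNG, not the default Mersenne Twister generator
rng = random.SystemRandom()
end = len(chars) - 1

# Pick one character at a time by random index
for i in range(0, length):
    index = rng.randint(0, end)
    ch = chars[index]
    pw += ch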

print(pw)


First, we start with a list of printable ASCII characters. Since it has been sorted into numbers, letters, and symbols, we can get the alphanumeric subset with a simple slice operation. And we can remove any forbidden characters by simply calling the remove() method of the list of characters. Then, we find how many characters are in the resulting list and generate a random number within that range for each character in the final password. We simply use that number as the index to choose one of the characters from our list and then print the completed password string.

The approach here is slightly different from the one that I used in the Bash script. There, we generated a stream of random numbers and filtered out only the desired characters until we had the desired length. Here, we create a list of desired characters and select the desired number of characters randomly.

And here is what setpw.py looks like:

#!/usr/bin/python3

import sys
import os
import hashlib

if len(sys.argv) > 1:
    name = sys.argv[1]
else:
    name = "default"

pw = input().encode('ascii')
pwhash = hashlib.sha512(pw).hexdigest()
hashfile = os.path.expanduser("~/." + name + "pwhash")

print("\033[1A\033[0K", end="")
with open(hashfile, 'w') as f:
    f.write(pwhash)


This one is even more similar to the Bash version; its approach does not substantially differ.

Finally, here is what ppw.py looks like:

#!/usr/bin/python3

import sys
import os
import hashlib
import getpass

if len(sys.argv) > 1:
    name = sys.argv[1]
else:
    name = "default"

pw = getpass.getpass("").encode('ascii')
pwhash = hashlib.sha512(pw).hexdigest()
hashfile = os.path.expanduser("~/." + name + "pwhash")

with open(hashfile, 'r') as f:
    # The Bash setpw leaves a trailing newline in the file; strip it before comparing
    storedhash = f.read().strip()

if pwhash == storedhash:
    print("Correct")
else:
    print("Wrong\a")


Again, the approach here is essentially the same as the Bash version. You may notice that instead of input(), I used getpass.getpass(""). This prevents it from echoing the characters to the terminal. By default, getpass() uses the prompt Password:, so to make it more consistent with the Bash version I passed it an empty string instead.
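A salted, deliberately slow variant of setpw.py and ppw.py, added here as an example and not part of the original scripts: a bare SHA-512 is unsalted and fast to compute, so this version stores a PBKDF2-HMAC-SHA512 record in a file only the owner can read and compares digests in constant time. The record format, function names and iteration count are assumptions of this example, and the resulting file is not compatible with the Bash scripts.

```python
import getpass
import hashlib
import hmac
import os
import secrets
import sys

ITERATIONS = 210_000  # assumed work factor for this example; tune for your hardware


def hash_path(name="default", home=None):
    """Same file name the scripts use: ~/.<name>pwhash"""
    home = home or os.path.expanduser("~")
    return os.path.join(home, "." + name + "pwhash")


def set_password(password, path, iterations=ITERATIONS):
    """Write 'pbkdf2-sha512$<iterations>$<salt hex>$<digest hex>' to path."""
    salt = secrets.token_bytes(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    record = "pbkdf2-sha512${}${}${}\n".format(iterations, salt.hex(), digest.hex())
    # Create the file as 0600, and tighten it if it already existed with wider bits.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.chmod(path, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(record)


def check_password(password, path):
    """Recompute the digest with the stored salt and compare in constant time."""
    with open(path) as f:
        fields = f.read().strip().split("$")
    if len(fields) != 4 or fields[0] != "pbkdf2-sha512":
        raise ValueError("unrecognised hash file format")
    iterations = int(fields[1])
    salt = bytes.fromhex(fields[2])
    stored = bytes.fromhex(fields[3])
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Usage: script.py set [name]   or   script.py check [name]
    mode = sys.argv[1] if len(sys.argv) > 1 else "check"
    path = hash_path(sys.argv[2] if len(sys.argv) > 2 else "default")
    pw = getpass.getpass("")
    if mode == "set":
        set_password(pw, path)
    else:
        print("Correct" if check_password(pw, path) else "Wrong\a")
```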

Hopefully you found this little exercise entertaining and educational.

Sunday, April 27, 2014

Generating and learning strong passwords

In the wake of the recent catastrophic security vulnerability known as “Heartbleed”, many people have been tasked with thinking of new strong passwords for their online accounts and learning them. I’m not writing about Heartbleed, per se, but suffice it to say that you need to change passwords for any affected sites (after the vulnerability has been patched) and any sites you may have reused those passwords on. What I’m sharing here is an approach to generating and learning strong passwords. There are many approaches to password security, including password managers and using long passphrases instead of simple passwords, but I’m just sharing one approach here.

Humans are not very good at generating random passwords, so it can be helpful to use a proven computer algorithm and then simply work to memorize the password that was generated. We are going to use a bit of Bash scripting with the OS pseudo-random number generator and some basic Unix utilities for this. One of the best ways to memorize a strong, random password is to practice typing it. To help with this, we are also going to use a bit of Bash scripting that will let us type the password repeatedly and check if it is correct.

We could create three different shell scripts for this and keep them somewhere like /usr/local/bin (for system-wide use) or somewhere in your home directory (for personal use). Or, we could define them as functions in /etc/bash.bashrc (for system-wide use) or ~/.bashrc (for personal use). I’ll present them both ways, first as individual scripts and at the end as a series of functions. Putting them in separate script files would make them available from other shells, etc. (If you login to csh and invoke one of the scripts it will simply call Bash to run it. If you defined them as functions they would be unavailable in csh.)

First, here is a one-liner to generate a random password:

cat /dev/urandom | tr -cd "[:graph:]" | head -c 13 && echo

The first part reads from the pseudorandom number generator and passes it to the next part, the tr command removes all characters that are not printable ascii (you could also use "[:alnum:]" to generate an alphanumeric password), head -c takes only the specified number of characters and then terminates the pipeline, and the echo command simply outputs a newline, so that we don't end up with the command prompt being printed on the same line at the end of the password.

Now, we’ll look at a more complete example that takes command line options instead of manually editing our command:

#!/bin/bash
chars="[:graph:]"
length="13"
forbidden=""
for i in $(seq 1 $#); do
    if [[ "${!i}" == "--alnum" ]]; then
        chars="[:alnum:]"
    elif [[ "${!i}" == "--length" ]]; then
        ((n=$i+1))
        length="${!n}"
    elif [[ "${!i}" == "--forbidden" ]]; then
        ((n=$i+1))
        forbidden="${!n}"
    fi
done
cat /dev/urandom | tr -cd "$chars" | tr -d "$forbidden" | head -c "$length"
echo


This script takes several arguments. The --alnum argument limits the password to alphanumeric characters rather than printable ascii. The --length option is followed by the number of characters to generate and --forbidden is an additional list of forbidden characters (useful for sites that accept special characters with a few stated exceptions). The default is 13 characters consisting of printable ascii characters. 13 random ascii characters meets the NIST recommendation for 80 bits of entropy for a strong password (learn more about password strength on Wikipedia).

The for loop here counts the number of arguments passed to the script (stored in $#) and loops over them. The ${!var} notation treats $var as the name of another variable. In other words, if $i is 1, then ${!i} is the same as $1 which is the first argument that was passed to the script. The double parentheses are used to evaluate a mathematical expression. After evaluating the command line arguments, we have essentially the same pipeline we used before. The -d option for tr deletes characters from the input, while -c means to delete everything but the specified characters (the “complement” of the specified character set). So the first tr command removes all of the characters except for printable ascii (or alphanumeric, if specified), the second removes additional characters specified with --forbidden.
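The entropy arithmetic behind the 80-bit figure, as an added Python example (not one of the post's scripts): the default 13 characters clears 80 bits for the full printable set, but --alnum at the same length does not, so the generator here picks the minimum length for the chosen alphabet. The function names and the 80-bit default target are assumptions of this example.

```python
import math
import secrets
import string

# The same 94 printable, non-space ASCII characters that tr's [:graph:] class keeps.
GRAPH = string.digits + string.ascii_letters + string.punctuation
ALNUM = string.digits + string.ascii_letters


def alphabet(alnum=False, forbidden=""):
    """Return the candidate characters after --alnum / --forbidden are applied."""
    base = ALNUM if alnum else GRAPH
    return [c for c in base if c not in forbidden]


def entropy_bits(alphabet_size, length):
    """Entropy of `length` independent, uniform picks from the alphabet."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size, target_bits=80):
    """Shortest password length whose entropy reaches target_bits."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two characters")
    return math.ceil(target_bits / math.log2(alphabet_size))


def genpw(length=None, alnum=False, forbidden="", target_bits=80):
    """Generate a password; with no length given, use the minimum for target_bits."""
    chars = alphabet(alnum, forbidden)
    if length is None:
        length = min_length(len(chars), target_bits)
    # secrets.choice draws from the OS CSPRNG, like /dev/urandom in the pipeline.
    return "".join(secrets.choice(chars) for _ in range(length))


if __name__ == "__main__":
    cases = [("default", {}),
             ("--alnum", {"alnum": True}),
             ("--forbidden", {"forbidden": "\"'\\"})]  # constructed sample options
    for label, opts in cases:
        n = len(alphabet(**opts))
        print("{:12} {:3} chars, 13 chars = {:.1f} bits, need {} for 80 bits, e.g. {}".format(
            label, n, entropy_bits(n, 13), min_length(n), genpw(**opts)))
```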

Now, on to our password practicing tools. First, we need a way to set the password:

#!/bin/bash
name=${1:-default}
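read -r pw    # -r keeps backslashes in the password literal
echo -ne "\033[1A\033[0K"
# Quote $pw so characters such as * and ? are hashed, not expanded by the shell
echo -n "$pw" | sha512sum | tr -d ' -' > ~/.${name}pwhash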


The read command takes input from the user and stores it in a variable named pw. By default, read prints what you are typing to the terminal. We allow it to do so here, so that you can make certain you are typing the password correctly the first time. However, as soon as we have finished typing and hit “enter”, we clear that line so the password is no longer visible. The -n option tells echo not to automatically output a newline at the end, and the -e tells it to interpret escape sequences. The sequence \033[1A moves the cursor up one line, and \033[0K deletes the current line. Rather than storing the password itself, we store a hash of the password for a bit of extra security (hopefully, of course, the machine we are doing this on is already secure, but this is a simple precaution to take). The sha512sum prints a couple of spaces and a hyphen at the end; the tr -d ' -' removes these. This script optionally takes one argument, a name so that you set and practice multiple passwords. The notation ${1:-default} is equivalent to $1 if it is set, otherwise it defaults to default.

Now, we need a way to practice typing the password we set:

#!/bin/bash
name=${1:-default}
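read -r -s pw    # -r keeps backslashes literal, -s hides the typing
# Quote $pw so characters such as * and ? are hashed, not expanded by the shell
userhash=$(echo -n "$pw" | sha512sum | tr -d ' -')
storedhash=$(cat ~/.${name}pwhash)
if [[ "$userhash" == "$storedhash" ]]; then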
    echo "Correct"
else
    echo -e "Wrong\a"
fi


This time we used the -s option so that read does not print what you are typing to the terminal. Similar to the first script, this one optionally allows you to specify a name and then compares the hash of the password you type to the one that was previously stored. If they match, it informs you that you have typed the password correctly; if not, it lets you know it was wrong. The \a is the bell character; it may give an audible alert, or in some cases a visual alert or nothing at all, but it is a nice touch to get your attention when the password is typed incorrectly.

Putting them all into functions is quite simple:

function genpw() {
    chars="[:graph:]"
    length="13"
    forbidden=""
    for i in $(seq 1 $#); do
        if [[ "${!i}" == "--alnum" ]]; then
            chars="[:alnum:]"
        elif [[ "${!i}" == "--length" ]]; then
            ((n=$i+1))
            length="${!n}"
        elif [[ "${!i}" == "--forbidden" ]]; then
            ((n=$i+1))
            forbidden="${!n}"
        fi
    done
    cat /dev/urandom | tr -cd "$chars" | tr -d "$forbidden" | head -c "$length"
    echo
}
function setpw() {
    name=${1:-default}
    read -r pw
    echo -ne "\033[1A\033[0K"
    # Quote $pw so * and ? are hashed literally; strip the "  -" suffix as in the script
    echo -n "$pw" | sha512sum | tr -d ' -' > ~/.${name}pwhash
}
function ppw() {
    name=${1:-default}
    read -r -s pw
    userhash=$(echo -n "$pw" | sha512sum | tr -d ' -')
    storedhash=$(cat ~/.${name}pwhash)
    if [[ "$userhash" == "$storedhash" ]]; then
        echo "Correct"
    else
        echo -e "Wrong\a"
    fi
}
function unsetpw() {
    name=${1:-default}
    shred -uxn1 ~/.${name}pwhash
}


I added an extra one here to unset the password by removing the hash from your system, although this one is fairly trivial. In addition to learning one handy way to generate and learn strong random passwords, hopefully this little exercise has also given us a look at some handy Unix tools and Bash scripting features. For comparison, I’ve also written a Python version of these scripts.

Saturday, March 15, 2014

Installing your CUPS shared printer on Windows

This is one of those things that really isn’t that complicated, but it doesn’t work as intuitively as it should and I find myself looking it up every time I have to do it again, so I’m going to go ahead and document the process here in a clear and easy to follow fashion. I’m not showing how to set up the printer with CUPS on Linux, I’m assuming that is already done and just showing how to add that printer on Windows (Windows 7 is shown here).

First, you need to know the name of your printer. If you have forgotten, you can easily find this by using your web browser to pull up localhost:631; this is an administrative interface for your CUPS server. Click the Printers tab and you will see your printer’s name under Queue Name in the first column.



Now that you know the name (and the IP address or domain name for the computer), we are ready to add the printer in Windows. Pull up Devices and Printers from the Start menu. Click the Add Printer button to pull up the Add Printer dialog. Of course, we will be selecting Add network, wireless, or Bluetooth printer. It won’t find the printer, but don’t worry, just select The printer I want isn't listed. Now use Select a shared printer by name. Ignore the examples, the correct format to enter is:

http://ipaddress:631/printers/Printer_Name

or:

http://domainname:631/printers/Printer_Name

Now, you will have to select the manufacturer and model (or series) of your printer. Now you’ve installed the printer and you will be presented with an option to print a test page to make sure it works.







As I said, it was pretty easy, just not exactly intuitive. And now you should be able to print from Windows to the printer attached to your Linux machine (or other Unix system, including Mac).

Sunday, March 9, 2014

Fun Unicode Characters for Facebook (and Generally Anywhere).

 Here is just a sample of fun unicode characters for Facebook. You can use these pretty much anywhere (including Google+), but I’ve specifically selected a few that don’t have emoticon equivalents supported by Facebook (at least that I’m aware of), don’t get converted to graphic emoticon representations by Facebook, and do display properly on most systems.

There are several different ways you can type the characters, depending on your system. You can use the hex codes on Windows and Linux (at least GTK apps). Using hexadecimal input for unicode characters on Windows can be a little tricky, though. Older alt codes can be used for some, but not all of the characters. Although the characters you can type with alt codes are limited, they have two advantages: they don’t require any special configuration and since they are decimal numbers they don’t contain any letters that are likely to cause conflicts with program shortcuts, so I’ve included them in the chart where applicable. To use the alt codes, you simply hold the Alt key while typing the number (you don’t use the + key like you do for the hex codes). Please note the leading 0 is important: alt code 145 produces a different character (æ) from 0145.

The easiest and most convenient input method is the compose key on Linux. It doesn’t cover all unicode characters, but it covers more useful characters than alt codes and they tend to be much easier to type and remember because they tend to be mnemonic (while not on the list because Facebook provides emoticon equivalents, the compose sequence for a smiley is :), a frowney is :(, and a heart is <3). There is a caveat, however, for the compose key on GTK apps. GTK overrides the configurable behavior of the compose key, unless you specifically configure it to use the underlying configuration from X. In order to do this, you will want to add a line to your ~/.Xsession like this:

export GTK_IM_MODULE="xim"

Then log out and back in. You can also type the above line directly into a terminal and then launch the GTK app from that terminal if you want to just quickly try it. The highlighted compose key sequences below may not work in GTK apps—including Firefox and OpenOffice—without this extra configuration, however.

Of course, if you have trouble typing any of the characters, you can also copy and paste them from here. That isn’t exactly the point here, but it will work.

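| Description | Compose | Alt | Hex | Character |
|---|---|---|---|---|
| left single quote | <' | 0145 | 2018 | ‘ |
| right single quote (apostrophe) | >' | 0146 | 2019 | ’ |
| left double quote | <" | 0147 | 201C | “ |
| right double quote | >" | 0148 | 201D | ” |
| en dash | --. | 0150 | 2013 | – |
| em dash | --- | 0151 | 2014 | — |
| hedera | | | 2766 | ❦ |
| side-ways hedera | | | 2767 | ❧ |
| degree symbol | oo | 248 | 00B0 | ° |
| copyright symbol | oc | 0169 | 00A9 | © |
| registered trademark symbol | or | 0174 | 00AE | ® |
| trademark symbol | tm | 0153 | 2122 | ™ |
| bullet point | .= | 7 | 2022 | • |
| cross | | | 271D | ✝ |
| outlined cross | | | 271E | ✞ |
| check mark | | | 2714 | ✔ |
| x mark | | | 2718 | ✘ |
| snowman | | | 2603 | ☃ |
| infinity symbol | 88 | 236 | 221E | ∞ |
| radiation symbol | | | 2622 | ☢ |
| skull and crossbones | | | 2620 | ☠ |
| eighth note | #e | 13 | 266A | ♪ |
| beamed sixteenth notes | #S | | 266C | ♬ |
| musical sharp symbol | ## | | 266F | ♯ |
| musical flat symbol | #b | | 266D | ♭ |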

Bonus: Tux


It is often asked if there is a unicode character for Tux, the penguin who serves as the Linux mascot. There is no character for Tux in the unicode standard; however, there is a private area for fonts to include non-standard characters. Linux Libertine, an excellent free font, includes Tux at code point e000. You can use this character if you can specify the font, such as on a web page (better use @font-face or the browser will fall back to something else if it isn’t installed) or in a document where you select the font. If you use this on Facebook, it will only display properly for those who have the font installed and have a browser that automatically falls back to a font that has the character available if it isn't in the currently selected font.

Here is what it looks like, if you have the font installed:

And here is what it looks like a bit larger:

Note: I changed the font color for Tux to black and the background to white, because it does look rather odd in reverse. I also made sure to remove the text-shadow effect.