Posts by Scott Fradkin
I have put together an article about my experiences at BarCampMilwaukee2. I wrote it because I wanted to be able to point people to something that can describe what a BarCamp is like. It’s one thing to give out the description of “unconference, no preset schedule, etc.”, but it’s another thing to actually be at the BarCamp participating. I really enjoyed BarCampMilwaukee2 as I have previously posted and I’m getting excited about the possibilities ahead of us for BarCampMadison2.
The article can be found at http://tech.fradkin.com/articles/barcampmilwaukee2.html.
I’ve also created a handy RSS feed for tech.fradkin.com that can be pulled into your favorite feed reader: http://tech.fradkin.com/rssfeed.xml. Updates tend to be infrequent, but at least you would be notified that I’ve updated something.
Filed in: Team Member Blog barcampmilwaukee2, article, whatisbarcamp?
I’ve been a user of OpenOffice.Org pretty much since OOO first came out. Even when I was still occasionally using Windows, I was looking for alternatives to using Microsoft products. OpenOffice, to me, offered that alternative. It provided me with the basic functionality that I needed from a word processor, spreadsheet program, and presentation creator. I’m not a power user of the basic office products, so the lack of features that Microsoft Office provides has never been an issue for me.
Fast forward to a couple of days ago. I’ve been working on some articles that I’ve finally decided are good enough to publish to the interweb. I typically write them in OOO. I was looking into an easy way to convert them into HTML and noticed that OOO contains a feature to export a document in XHTML format. I thought that this feature could be pretty handy so I tried to use it. Bzzt! Try again. How foolish was I to attempt such a thing without first telling OOO what Java VM to use. Ouch! OOO depends upon Java for some of its functionality. So I went to the settings to tell it what VM to use. Surprisingly, after I navigated to my /opt directory, it figured out that I had 3 different JVMs installed: 1.4, 1.5, and 1.6. I figured that I might as well use the most recent one I’ve got, so I pointed it to 1.6. OOO gave me a message box that indicated that I’d need to shut down OOO and restart it in order for the setting to take effect. OK. No problem.
It shut down fine, but when I attempted to run it again I got a whole lot of nothing. Nothing? What? It just wouldn’t run. No error messages of any kind. That seemed a bit odd. So, I embarked on a journey to try and figure out how to unset the JVM setting. All I could find was a file that was autogenerated each time OOO was started. So, I asked Gentoo to uninstall OOO. Then I made sure that any OOO related directory was removed. Then I re-installed OOO. I typed in “oowriter” at a command prompt and was greeted with nothing but another prompt. No error, no messages, no OOO starting up. After another fruitless hour of searching and trying everything I could think of, I just gave up. This was going to cause a serious issue. I have Windows installed in a VMWare virtual machine if I absolutely have to use Windows, but I’d rather not deal with it.
I went with Plan B. Plan B was to let my computer spend the time to compile OOO from scratch. Fortunately, I was a bit smarter with my disk partitions on my laptop and actually put enough space in the /tmp partition to be able to perform large compilations. OOO notoriously uses up about 4GB of disk space and on my Core Duo 2 machine took about 3.5 hours to compile. I crossed my fingers and typed “oowriter” into a prompt after it finally finished compiling. Much to my surprise, OOO started right up! Back in business! But, I’ve learned my lesson. I won’t be telling OOO where my JVMs are. I can live without this hassle.
Filed in: Team Member Blog java, linux, openoffice
The first official get together to start organizing BarCampMadison2 is coming up. If you’ve never been to a BarCamp before and are interested to see what this is all about, or you missed the last one and want to get involved with this one, stop by to meet a great group of people. Remember, BarCamps are organized by the participants for the participants. Below is the text of the invite that was sent out. See you at the meeting!
————————-
It’s time to get the ball rolling for BarCampMadison2, so let’s get together for coffee and do some planning (after the holiday of course):
January 5th
2 pm (to 4pm)
Escape Java Joint
916 Williamson Street
http://www.escapejavajoint.com
Agenda
- Introductions
- Communication methods (barcamp site, googlegroup, email list, meetings, etc)
- What needs to be done? Who wants to do it?
- Read http://www.cleverclevergirl.com/?p=10
- Sponsor wrangler
- Food Czar
- T-shirt Master
- Wi-fi Guru
Filed in: Team Member Blog planning, barcampmadison2
The Handbook of Applied Cryptography is now available online at http://www.cacr.math.uwaterloo.ca/hac/index.html. This book is officially Bruce Schneier approved. If you’re interested in cryptography you should check it out.
Filed in: Team Member Blog cryptography, book, bruce schneier approved
I found an interesting article from Slashdot about using Google as a password cracker (http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/). Ask Google to search for a hashed password, and if it’s common enough to be included in one of the many indexed documents that contain password/hash pairs, you’ll know that password. The comments to the article are just as interesting. A discussion of securely storing passwords runs through them.
The general points to consider when creating passwords are:
- Longer passwords are better
- Passwords that aren’t real words are better
However, since most people have a really hard time with passwords like that, they need to be stored securely.
- Use a salt
- Create the salt in a cryptographically secure fashion with a reputable library
- Make sure the salt is lengthy
- Use a different salt for each user
Short passwords are notoriously easy to crack if they’re hashed with MD5. There are numerous utilities available to brute force crack MD5 hashed passwords. There are even some interesting dictionary methods to crack MD5 hashes, as well as rainbow tables (overview here: http://en.wikipedia.org/wiki/Rainbow_tables).
I guess the moral to the story is that one shouldn’t assume that their password is infallible. If you are using word-based passwords they will probably be cracked at some point. When creating a system that needs to store passwords for user login either use an off the shelf utility that will encrypt or hash the passwords securely or do your homework so that the site doesn’t get owned. Don’t ignore warnings about MD5. Use SHA-1 or SHA-256 instead.
Remembering all those strong passwords is an entirely different issue…
Filed in: Team Member Blog cracking, cryptography, md5, sha-1, sha-256, passwords
One of my goals when checking out a programming language that is new to me is to find some kind of use for it other than what I’ve read in a book. While Ruby seems to have found a niche with the Rails web framework, I was also interested in other uses for it. Believe it or not, I’ve never really learned Perl, and I’m not the greatest with shell scripts, so it’s nice to have learned enough Ruby to perform some helpful tasks.
Ruby is an interesting language. You can use it as an Object Oriented language, or you can use it more like a functional programming language. What’s really nice is that because it’s currently an interpreted language and not compiled, you can use it as a general purpose scripting language.
I’ve created a really simple script that runs as a cron job to run the ‘emerge’ program, compile the results, and email them to me. Quite helpful. The concept can be used to gather results from running anything that has output. The script is below. Even though you specify from and to addresses in the Ruby send_message() call, I found that at least with my internet provider I still needed to specify Subject, From, To, and User-Agent mail headers otherwise the mail got bounced.
require 'net/smtp'
result = `emerge -upDv world`
msg = "Subject: Packages to Emerge\r\n"
msg += "From: FromName <from@name.com>\r\n"
msg += "To: ToName<to@name.com>\r\n"
msg += "User-Agent: Ruby Mailer\r\n"
msg += result
msg += "\r\n"
Net::SMTP.start('mail.name.com') do |smtp|
smtp.send_message(msg, 'from@name.com', ['to@name.com'])
end
Filed in: Team Member Blog ruby, script, handy
I think I’ve finally started to figure out Twitter.
It seems that the key to Twitter is knowing other people who use Twitter. Chalk one up to BarCamp. Many of the people I met and worked with at BarCampMilwaukee use Twitter. It’s a real interesting method of seeing what everyone is up to. I think I’m getting the hang of it.
I do see a real benefit in hooking it up to your cell phone’s text messaging. Being out and about and being able to update Twitter with what’s going through your head at any moment is great. But, unless I can convince my cell phone provider to give me unlimited SMS messages for less than 20 bucks a month it won’t be something I’ll be doing.
I’ll make do with checking out what everyone is doing and making updates at night.
Follow me on Twitter: sfradkin.
Filed in: Team Member Blog twitter
This made me laugh: http://www.flickr.com/photos/kevron/1572812750/
Just an example of the sleeping arrangements at BarCampMilwaukee2. It’s part of the charm.
The missing pillow wasn’t BarCamp’s fault… BarCamp didn’t steal it or anything.
Check out the Flickr photostream from the BarCamp at http://www.flickr.com/photos/tags/barcampmilwaukee2/
There are nearly 1500 photos tagged barcampmilwaukee2.
Filed in: Team Member Blog barcampmilwaukee2