
About the Author

506 Posts By ben

  • Top-bar beehive design

    Here’s a Google SketchUp design for a simple top-bar beehive.

    Some pics:


    Notes:

    Only 2 measurements really matter in the design of a top-bar beehive: the angle of the side panels (70 degrees) & the width of the top bars (35mm). They both pertain to bee behavior and this design has them both optimized. From what I gather, other measures are quite forgiving.

    This design is simple & well researched. I do not know yet how it will fare in practice; more to come on that.

    Material:

    All you’ll need as far as wood is concerned is a couple of 2x12x16 and a 3/4″ sheet of plywood:

    Lastly, all units are in millimeters but based on standard lumber sizes available at the hardware store.

  • Robin & the Eagle from the White Mountain

    My wife & I have just released our first children's story, as an app for iOS devices! This is the achievement of what started innocently as a small project reading stories to mp3. Months of work, huge investment for the art, it feels great to have put this project behind us.

    My only hope now is that the market gods will treat us well.

    Here it is in all its glory:
    English version: http://itunes.apple.com/us/app/id480065432
    Hungarian version: http://itunes.apple.com/us/app/id480080998
    French version: http://itunes.apple.com/us/app/id480175112

  • Poor man’s 2FA: a simpler 2-factor authentication mechanism for SSH

    The problem with PAM based 2FA:
    • PAM does not get called when the SSH daemon does key based authentication. So your 2FA there only works with password authentication. This might be something you want but maybe not.
    • A PAM module based solution to 2FA is harder to implement
    The solution: Poor man’s 2FA!

    It is possible to add the ForceCommand directive to your sshd_config. Like the name suggests it simply runs a command after authentication and before the shell is spawned. This is a good spot to add an extra check, say another factor for authentication.

    The code:
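    #!/bin/bash
    # On SIGINT (2) or SIGTSTP (20): refuse, then kill the parent process so the session ends.
    trap "echo \"I'm sorry Dave. I'm afraid I can't do that.\"; sleep 1 ; kill -9 $PPID ; exit 1" 2 20
    # Build a 5-character alphanumeric code from /dev/urandom.
    code=`od -a -A n /dev/urandom | head -2 | tr -d ' ' | tr -d '\n' | sed 's/[^a-zA-Z0-9]//g' | awk '{print substr($0,1,5)}'`
    # Mail the code, carried in the subject line, to phone_number@carrier.com.
    echo -e "Subject:$code\nFrom:root@server <root@server.com>\n\n2FA code in subject" | sendmail phone_number@carrier.com
    read -r input
    # Quote both operands so the typed input is compared as one string; refuse an empty code.
    if [ -n "$code" ] && [ "$code" = "$input" ];
    then
        # Run the login shell listed for this user in /etc/passwd.
        `awk -F: -v user="$LOGNAME" '($1 == user) { print $7 }' /etc/passwd`
    else
        kill -9 $PPID
    fi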

    That’s it really, save this to an executable file, replace the obvious variables and ForceCommand its ass.
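
    The code generation and comparison steps of the script above, as an added example (not the author's code; `gen_code` and `verify_code` are hypothetical helper names). It draws each character uniformly from the alphanumeric set and accepts only an exact, single-token match.

```shell
#!/bin/sh
# Added example: helpers for a ForceCommand-style second-factor check.
# gen_code and verify_code are hypothetical names, not part of the post.

# gen_code [LEN]: print a random code of LEN characters (default 5).
# tr -dc keeps only bytes in the listed set, so every character of the
# code is drawn uniformly from the 62 alphanumerics.
gen_code() {
    len=${1:-5}
    code=$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$len")
    # Fail closed if fewer than LEN usable characters came back.
    [ "${#code}" -eq "$len" ] || return 1
    printf '%s\n' "$code"
}

# verify_code EXPECTED TYPED: return 0 only on an exact match.
verify_code() {
    expected=$1
    typed=$2
    # An empty expected code means generation failed; never accept it.
    [ -n "$expected" ] || return 1
    # Reject empty input and anything outside the code alphabet
    # (spaces, punctuation, control characters) before comparing.
    case $typed in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    # Quoted operands: the input is compared as a single string and is
    # never parsed as part of the test expression.
    [ "$expected" = "$typed" ]
}
```

    In a ForceCommand script these would replace the `code=` assignment and the `if [ ... ]` comparison; the mail step and the shell lookup stay as they are.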

  • Avoid getting tracked in a datamining society

    Welcome to the information age! Memory is cheap, millions of records are copied in the snap of a finger and everybody wants your information. This is called data-mining and everybody is doing it essentially to better advertise to you. These databases of your facts & habits are often sold and even hacked. It is time to ponder how little control you have over your own information. And when you do so, think not only about the information you give but above all about the information that can be inferred from it.

    Compiled below is a list of tips for avoiding getting tracked in modern society. They range from simple good practice to paranoia. Obviously you could go live as a hermit in the woods and be untraceable. Feel free to comment on anything I missed and I’ll add to the post.

    Day to day life

    • Broadcast the least information possible. Does your state require license plates in the front & rear? 19 states don’t, google them. Police cameras automatically scan all the license plates they see, why double your chances? Your license plates are also often recorded when you drive through tolls.
    • Pay everything in cash, credit/debit card transactions can easily place you in space and time. Moreover, encoded in the magnetic stripe is your name, stores know everything you buy and when you buy it. This is pant creaming data for the marketing geniuses trying to figure out ways to make you consume more.
    • Avoid customer rewards programs. They are an even better way to tie information back to a customer that might use multiple methods of payment. Still want the sweet deals? Don’t use your real info when signing up, or just don’t sign up; the cashiers often have default cards to scan.
    • Avoid mail-in rebates. They are nothing more than a way for you to sell your information.

    I.T. life

    This is a dense section, no surprise this is where most data mining occurs.

    • Don’t let email load remote content

    This is commonly used as a way to know if you’ve opened the email, at what time you opened it, where you opened it from (IP geolocation) and what your email client was. The technical explanation is that some emails have HTML formatting with images included. These images can be embedded in the email itself or referenced on a remote server. In the latter case, the remote server will for example enable PHP parsing for JPEG files, execute code to track you and then feed the image to the email client, which never had a clue it was loading a “special” image. This is all transparent to the user and the email client.

    • No smartphone GPS tracking

    Let’s take an example: you enable Google Latitude on your cell phone to share your location with friends and get to know fun facts about how much you travel. The information you give Google is geographic coordinates; the information inferred from it is where you live, where you work and whether or not you pull your 40 hours a week there.

    • Let’s go further: no smartphones at all!

    Apple’s iPhones and Google’s Android phones gather location information WHETHER YOU WANT IT OR NOT. That’s right, you can turn off GPS all you want, your phone still recurringly reports back to Apple & Google telling them not only where they are but also which other wireless devices they see around.

    More info here from the most excellent Samy Kamkar.

    The tech giants are involved in a major data gathering process where they use you to create a comprehensive map of the wireless spectrum. This is both an awesome project using crowdsourcing to accomplish a daunting task & a scary invasion of privacy. Because it doesn’t ask you, and because you take it home, it reports your wireless router, and so now every time you use a regular computer connected to said router, they know exactly where you are. It is scary because even if you could turn it off, others around you are passively reporting your location.

    • Even further? No cell phones! Your location can be triangulated from cell towers.
    • Forget social networks, even if you use fake information. Sooner or later, your contacts, something you said, someone that said something about you, will be traced back to your real self.
    • Remove EXIF data from the pictures you distribute online, especially if they were taken with smartphones.
    • SSL encryption, SSL everywhere. In fact any time you configure a connection (IMAP, FTP, HTTP) make sure that it uses an encrypted mechanism. The number of network taps is growing and you don’t want to make the job easier on them.
    • Review pictures you distribute online for license plate numbers, bills laying on tables and other identifiers.
    • A strong firewall, not just for incoming traffic. Nowadays devices are very noisy: from Bonjour to checking for updates, the packets coming out of your network interfaces without your knowledge are plentiful and growing. And every time you send a packet out, your presence is known. A firewall with rules on outgoing traffic is a good idea to keep unwanted traffic to a minimum.
    • Don’t give your email address to anyone that asks for it; use services like mytrashmail.com or, even better, get a new email account every time. This way if they sell your information you will know right away since you only have 1 email account per company. You can then check their EULA and see if maybe they boast of not selling your information. Make them accountable! On a side note, Gmail offers the capability of adding a plus (“+”) followed by a string of your choosing to your regular email address. For example if your email address is address@gmail.com, Gmail will also accept mail to address+sillysite@gmail.com. This way you can segregate mail by company with the convenience of having it all go to the same account. The caveat is that “+” is often rejected as an invalid character in an email address even though it is a valid character.
    • Adblock is one of the best plugins for your web browser (Firefox or Chrome). It removes ads, thus significantly enhancing your browsing experience. By negating traffic to advertisement servers, you are denying their chance to data mine the crap out of you. Browser fingerprinting is one of many techniques used, with an argument often made that the combinations of browser related software are so plentiful that your browser can be uniquely identified. Permanent cookies are also used to keep an eye on your web whereabouts.
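
    A check for the remote-image tracking described in the “Don’t let email load remote content” tip, as an added example that is not from the original post: it lists the remote URLs that `<img>` tags in an already decoded HTML body would fetch, and skips embedded (`cid:`, `data:`) images. `remote_images`, `sample_email` and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the remote images an HTML email body would load.
# Assumes the HTML part is already decoded (no quoted-printable/base64).

# sample_email: print a constructed HTML body with one embedded (cid:)
# image, one remote 1x1 image and one inline data: image.
sample_email() {
    cat <<'EOF'
<html><body>
<p>Hello</p>
<img src="cid:logo@example.invalid" alt="logo">
<IMG width="1" height="1"
     SRC='http://tracker.example.invalid/open.jpg?id=42'>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
</body></html>
EOF
}

# remote_images FILE: print one URL per line for every <img> whose src
# points at an http(s) server. Each URL is a request the mail client
# would make on open, revealing time, IP address and client software.
remote_images() {
    # Join lines first so tags split across lines are seen whole.
    tr '\n' ' ' < "$1" |
        grep -oiE '<img[^>]*>' |
        grep -oiE 'src[[:space:]]*=[[:space:]]*["'\'']?https?://[^"'\''[:space:]>]+' |
        sed -E 's/^[^=]*=[[:space:]]*["'\'']?//'
}
```

    An empty result means the body references no remote images; a long query string on a tiny image is the usual sign of an open-tracking beacon.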

    And even if you follow all these steps, you are not 100% untraceable online.

    The path of maximum sheep

    Finally, for when you have to give information, try and be as generic & bland as possible.

    • Your name is needed to sign up for something? John Smith.
    • Need a new car? White Honda Civic, no bumper stickers, no vanity plates.
    • Gotta find a new name for a PC? Linksys.
    • Need a username for that shitty forum? User2656, don’t use the one you use everywhere else or one thing leading to another, it can most likely be tied to your real identity.

  • Python SNMP simple example to get 1 OID

    Because it took me forever to piece this simple code together

    import netsnmp
    session = netsnmp.Session( DestHost='your.host.com', Version=2, Community='public' )
    vars = netsnmp.VarList( netsnmp.Varbind('.1.3.6.1.4.1.2021.8.1.101.1') )
    print( session.get(vars) )
    
  • Shell scripting – updating a file holding a counter

    counter=`cat /tmp/counter` ; echo "$counter+1" | bc > /tmp/counter

    Note that loading /tmp/counter into the variable is a necessary indirection. The following:

    echo "`cat /tmp/counter`+1" | bc > /tmp/counter

    would not work as the output redirection gets triggered before the cat gets a chance to happen, so the file is emptied too early.

  • Datasets!

    Here are a bunch of datasets accumulated over the years for different projects, have fun with them! If you have something to augment this list with, let me know.

    U.S. zip codes

    basic english words

    condensed english words

    english dictionary

    miscellaneous easy to type

    star trek references

    first names

    significant numbers

    common passwords

    places

    king james bible words

    book of mormon words

    koran words

    U.S. counties

  • Trip to a new life

    Not a whole lot of cell coverage in Wyoming & Nebraska :)