TwCuP

January 19th, 2009 3 comments

Those of you that follow me on Twitter may have noticed that yesterday I was posting quite a bit more frequently and most of them contained the word 'test'. I was playing around with twyt and decided to build a curses-based Twitter GUI. I've never done any curses programming before, so this was my way of learning the functionality. I implemented command-line support in a style I found more to my liking (even though twyt already has this) and then started building the curses GUI. If I go very far with this, I may eventually rewrite the API to fit in with the rest of my code, but for now I'll use twyt on the backend.

The code is very basic, but already it can do a few things:

  • Display latest friends list updates.
  • Display recent replies.
  • Display recent sent and received DMs.
  • Update your status.
  • Send a DM.

Unfortunately the next update is most likely a week away, but when I get around to it, I plan on splitting the screen into multiple windows with your current status always displayed, along with a regularly updated friends list. Right now everything is jammed into a single window.

I do need to figure out how to get Twitter to display my client name (apparently I need to contact them for that) but so far, so good. Anyone wishing to take a look at my (very alpha) code can check it out here.

For those of you wondering about the name... TwCuP kinda reminds me of 'hiccup', so I found it slightly amusing at ~4am when I was trying to come up with a name.

Eventually this will (hopefully) be a client that can be left idling in a screen session... that's my goal anyways.

Categories: IT, Python

Comments Temporarily Gone

January 19th, 2009 1 comment

You may have noticed that recent comments have disappeared. It appears that IntenseDebate.com is down, so I've disabled the plugin (otherwise my blog won't even load). This isn't the first issue I've had and I'm finally fed up. I don't get email notifications for all my comments, my site won't load when they are down and the site is slower to load because of their plugin. My only hope is that when their site comes back up I'll be able to dump the comments and import them into WordPress.

Categories: Site Related

SSLFail.com

January 13th, 2009 1 comment

I wanted to take a minute to mention a new project that Marcin and I have started that we're calling SSLFail.com. One of the primary purposes of the site is a gallery of images of sites with failed SSL due to invalid certs, bad domain names, etc. Browsers can add more and more protection against sites with poor SSL implementations, but until these big players on the web ensure they have valid SSL, users are going to continue to click through these error messages.

This isn't all the site will be though. Expect to see future discussions on our reasoning for the gallery, as well as tips and tricks and anything else.

We've already added two additional contributors: Jay Graver and Romain Gaucher.

Categories: IT, Security

Google Android

January 11th, 2009 1 comment

I got my first smart phone about 2 years ago. It was the UTStarcom 6700, a rebranded HTC Apache. I used it for ~8 months and was a big fan of the phone but it had major battery issues, and even getting a replacement battery didn't seem to help. So I finally got fed up and took advantage of a Blackberry Pearl promotion. Since then, my HTC has sat, untouched. Recently I contemplated installing some sort of Linux on it, and using it as a PDA. It has a large touch screen, a slide out keyboard (that I find rather usable) and WiFi. Then I stumbled across this website, where someone is building Android for the Apache.

The project is still in alpha, and while it states that CDMA is working, the current release doesn't seem to have working CDMA (I eagerly await the next release). Anyways, I installed it and played and I must say I'm rather impressed with Android. I'd imagine on a phone that's been engineered for it, it's probably amazing. Even on the Apache it looks and feels great. I imagine if I used an iPhone that I'd see these similar slide menus, but I have, so far, successfully stayed away from the iPhone.

Once this build gets to be further along, I think I'll be fairly happy with it. It's fast and looks great. I may even go find an extended battery and carry it instead of my blackberry.

Gmail SSL Fail in Chrome

January 10th, 2009 No comments

Romain Gaucher mentioned this on Twitter and I had to post a screenshot for anyone who hasn't seen it... it's awesome.

Categories: Security

Security Implications of Microsoft Tags

January 10th, 2009 1 comment

So, as I said yesterday, I'm a big fan of Microsoft Tags. There have been many times when I've been out and about and I've seen an ad or poster that I've wanted more details on; snapping a picture of a small barcode is much easier than jotting down the details. However, as I played with creating my own barcodes last night I thought about the security implications of them.

Let's imagine it's a year from now and tags are wildly popular. They are on every concert poster on every light post on the street. They are on billboards, bus schedules and in stores (put a barcode on your box so shoppers can pull up additional product info). Everyone is snapping pics and storing information. It's fast, it's easy and it's convenient.

Now I come along, Mr. Malicious... I visit the Microsoft Tag website and create tags pointing to malicious sites. The site detects if you have a Blackberry, iPhone or Windows Mobile and serves up custom browser exploits. I print out hundreds of these tags and start going into stores and pasting them to products, or walking down the street and covering up the tags on the posters with the malicious tags.

There's no confirmation of the site you're visiting, no testing (that I'm aware of) to ensure the link in the tag isn't malicious. Where's the defense against this?

What if they contain a malicious vcard file that harvests your contacts, or turns your phone into a sms spamming device?

I realize that Microsoft Tag is still a beta product, but I'm wondering what thoughts Microsoft has had around tag security, if any. Before I become too attached, it would be nice to know that when the subway gets Tag support, I won't be killing my phone by snapping the tag to get updated route schedules.

Categories: IT, Security

Microsoft Tag

January 9th, 2009 3 comments

I was unaware of Microsoft Tag until I saw a post the other day that a Tag application had been released for the iPhone. I read a little bit and was rather impressed, but disappointed because I don't have an iPhone. I did a little more reading, however, and found that there were already apps for Blackberry and Windows Mobile (I have both). I've downloaded the Blackberry app and tested it on the demo image. I'm really impressed. It was easy enough to snap (even with the crappy camera on the Pearl) and get the page to load. I don't know if these tags are very widespread or in use, but I'm excited to see them get a foothold and become popular.

Tags are free to create on the Microsoft website and you can create them for URLs, vCards or Free Text.

Wikipedia via DNS

January 6th, 2009 2 comments

I thought this was pretty cool:

treguly@ns:~$ host -t txt foobar.wp.dg.cx
foobar.wp.dg.cx descriptive text "The term foobar is a common
placeholder name, also referred to as metasyntactic variable, used in
computer programming or computer-related documentation. In technology,
the word was probably originally propagated through system manuals by
Digital Equipmen" "t Corporation in 1960s and early 1970s. Another
possibility is that foobar evolved from electronics, as an inverted
foo... http://a.vu/w:Foobar"

Simply replace foobar with the search term of your choice.

The author's page describing this is available here:
https://dgl.cx/wikipedia-dns
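The quoted host(1) output comes back as two quoted pieces ("Digital Equipmen" "t Corporation") because a TXT record carries its text as length-prefixed chunks of at most 255 bytes. The following is an added example, not from the original post or from the dgl.cx project, that parses such an answer with the standard library only; the response packet is constructed inline to mirror the record above, and the query builder is included so the same lookup can be sent to a resolver if you wish.

```python
"""Build a DNS TXT query and parse the TXT answer (stdlib only).

Added example: the response bytes below are constructed, not captured.
"""
import struct

def build_txt_query(name: str, txid: int = 0x1234) -> bytes:
    """Standard recursive query (RD=1) for the TXT records of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 16, 1)   # QTYPE=TXT, QCLASS=IN

def _skip_name(pkt: bytes, off: int) -> int:
    """Offset just past a domain name, spelled out or as a 2-byte compression pointer."""
    while pkt[off] and (pkt[off] & 0xC0) != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if (pkt[off] & 0xC0) == 0xC0 else 1)

def parse_txt_rdata(rdata: bytes) -> list:
    """Split TXT RDATA into its <length><text> chunks (each at most 255 bytes)."""
    chunks, off = [], 0
    while off < len(rdata):
        n = rdata[off]
        chunks.append(rdata[off + 1:off + 1 + n])
        off += 1 + n
    return chunks

def parse_txt_response(pkt: bytes) -> list:
    """Concatenated text of every TXT answer in a DNS response packet."""
    qd, an = struct.unpack(">HH", pkt[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4                   # QTYPE + QCLASS
    texts = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 16:  # TXT: join raw chunks before decoding; a split may land inside a UTF-8 char
            texts.append(b"".join(parse_txt_rdata(pkt[off:off + rdlen])).decode("utf-8", "replace"))
        off += rdlen
    return texts

def _cstr(s: str) -> bytes:                              # one TXT character-string
    return bytes([len(s)]) + s.encode()

# Constructed response: one TXT answer split exactly where the post's output breaks.
_RDATA = _cstr("Digital Equipmen") + _cstr("t Corporation")
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)                      # QR=1, RD, RA
    + b"\x06foobar\x02wp\x02dg\x02cx\x00" + struct.pack(">HH", 16, 1)        # question
    + b"\xc0\x0c" + struct.pack(">HHIH", 16, 1, 300, len(_RDATA)) + _RDATA  # answer, name -> offset 12
)
```

Sending `build_txt_query("foobar.wp.dg.cx")` over UDP port 53 to a resolver and passing the reply to `parse_txt_response` reproduces the text shown by host(1) as a single string.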

Categories: IT

How Hard is it to Get Your SSL Cert Right?

January 3rd, 2009 1 comment

Guess what, this isn't a post about the recent Rogue CA presentation... just something I came across that frustrated me.

I recently went to check out adsense to see if it's ever actually made me any money. Being Canadian and using google.ca hourly (since google.com forces me to google.ca I might as well type it myself), I typed in www.google.ca/adsense. I was kicked over to https://www.google.ca/adsense and had the following appear in Firefox.

I know it's obvious what the problem is, but let's look at my other screenshots since I took the time to take them.

Now why can't a company like Google get their SSL certs right? How's the general public ever supposed to trust SSL if major web-based companies are too lazy to get proper SSL certs? I'm actually rather disappointed by this. I've actually trained some of my family to not venture into sites with improper SSL certs (or at least investigate them first) and this would confuse them and set all the effort that I've made back several steps.

We always talk about educating the user, and I believe that SSL is something we can properly educate the end user about; however, that requires an effort on the part of the website / vendor in question. This time Google has failed.

Categories: IT, Security

Playing with Python – nmap XML port frequency

December 16th, 2008 1 comment

Two Python libraries have caught my attention lately, the first is lxml and the second is matplotlib. Ideally I wanted to write something short, just to get a feel for the basics of them. The goal was figuring out what I could do quickly so that I could play around with arguments and output, yet still have an actual result. I also wanted a nicely formatted useful XML file to parse. I ended up going with nmap's XML output. I also decided that I would plot the frequency of ports in the file.

Is this useful... perhaps? I could see a sys admin wanting a count of specific open ports on the network or a pen tester wanting to know the most common ports on a target network.

The Python script is extremely basic and is called via nmap_port_frequency.py <XML Input> <png Output>. The result is an image similar to this:

The above image is the output from scanning three hosts.
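An added example, not the post's own script, showing the parsing half of the idea: it walks nmap's XML host/ports/port/state structure and counts how often each port is open across all hosts. The standard library's ElementTree stands in for lxml (lxml.etree exposes the same iter()/find()/get() calls), a three-host scan is constructed inline in place of a real -oX file, and a text histogram replaces the matplotlib PNG so it runs without extra packages.

```python
"""Count how often each port is open across the hosts in nmap XML output.

Added example, not the original post's script; SAMPLE_XML is constructed.
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

def port_frequency(xml_text: str, states=("open",)) -> Counter:
    """Counter of 'portid/protocol' over all hosts whose port state is in `states`."""
    # If the scan file came from someone else and you parse it with lxml,
    # build the parser with etree.XMLParser(resolve_entities=False).
    root = ET.fromstring(xml_text)
    freq = Counter()
    for host in root.iter("host"):
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") in states:
                freq[f"{port.get('portid')}/{port.get('protocol')}"] += 1
    return freq

def text_histogram(freq: Counter, width: int = 40) -> str:
    """Aligned bars, most common port first (a stand-in for the PNG plot)."""
    top = max(freq.values(), default=1)
    return "\n".join(f"{port:>10} {n:>3} {'#' * max(1, round(n * width / top))}"
                     for port, n in freq.most_common())

# Constructed sample standing in for `nmap -oX scan.xml` against three hosts.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -oX scan.xml 192.0.2.0/29">
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
 <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
 <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
</ports></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
 <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
 <port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/></port>
</ports></host>
<host><address addr="192.0.2.12" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
 <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
 <port protocol="udp" portid="53"><state state="open" reason="udp-response"/></port>
</ports></host>
</nmaprun>"""

if __name__ == "__main__":
    # Usage mirrors the post: nmap_port_frequency.py <XML Input>; with no file, the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    print(text_histogram(port_frequency(text)))
```

Passing `states=("open", "filtered")` counts ports a firewall is hiding as well, which is the sysadmin's view of the same data.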

Categories: IT, Python, Security, Tools