Public-key cryptography should replace text passwords

The recent leaking of almost 10 million passwords from LinkedIn, eHarmony and Last.fm is unsettling to say the least, but it has left me wondering…why are we still using text-based passwords?

We already use public-key crypto to secure and authenticate our interactions with websites via SSL. It seems straightforward to have all computers, cellphones, etc. generate a public and private key per user, and then any website they wish to authenticate to can store the user’s public key. This is the same process used to allow password-less logins to remote servers via SSH, and sites like GitHub and BitBucket already use this technique to authenticate their users for source version control. Proof of identity can be achieved via out-of-band confirmation, using SMS confirmation codes, like many sites (including Facebook and Gmail) already do.

This would have some awesome benefits:

  1. People only need to remember passwords to their devices (computers, smartphones, etc.), which are a lot easier to remember.
  2. Users’ accounts at other websites would no longer be vulnerable when a website they use is hacked. There aren’t any passwords to steal! The only thing that could be compromised is their public key, which is useless to hackers.
  3. Users wouldn’t need to create dozens of passwords to mitigate the risk of any one of their accounts being hacked.
  4. Hackers interested in getting at a person’s data would have to steal or hack an individual’s device in order to copy their private key.

I am by no means a security expert, so maybe I’m missing something and I’d love to hear counter-arguments. But there is no such thing as perfect security, and I think that given the proper support from device manufacturers (Apple already does a great job with their keychain built into the OS), this could be a breeze to end-users and it would make everyone’s data a lot safer. Coupled with the ability to remote-wipe and track devices (like the Find My iPhone service), this seems like a no-brainer solution to a long-standing problem.
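
The login flow described in this post, sketched as a challenge-response exchange in Go. This is an added example, not code from the original post; the Device and Server types, the user name, and the choice of Ed25519 signatures are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device is the user's computer or phone; the private key never leaves it.
type Device struct{ Pub ed25519.PublicKey; priv ed25519.PrivateKey }

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{pub, priv}, err
}

// Sign answers a login challenge by signing the server's nonce.
func (d *Device) Sign(nonce []byte) []byte { return ed25519.Sign(d.priv, nonce) }

// Server is a hypothetical website: it stores only public keys and one pending nonce per user.
type Server struct{ keys, pending map[string][]byte }

func NewServer() *Server { return &Server{map[string][]byte{}, map[string][]byte{}} }

// Register saves a public key once the user's identity is confirmed out of band.
func (s *Server) Register(user string, pub ed25519.PublicKey) { s.keys[user] = pub }

// Challenge issues a fresh random nonce for the user's device to sign.
func (s *Server) Challenge(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Login verifies the signature and consumes the nonce, so a captured reply cannot be replayed.
func (s *Server) Login(user string, sig []byte) bool {
	nonce, issued := s.pending[user]
	delete(s.pending, user)
	pub := s.keys[user]
	return issued && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, nonce, sig)
}

func main() {
	dev, _ := NewDevice()
	srv := NewServer()
	srv.Register("alice", dev.Pub)
	nonce, _ := srv.Challenge("alice")
	fmt.Println("login ok:", srv.Login("alice", dev.Sign(nonce)))
}
```

A dump of the server's state yields only public keys and already-consumed nonces, neither of which lets anyone produce a valid signature.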

Make Eclipse Run Blazingly Fast On Mac OS X

If you use Eclipse on OS X, you’ve probably been frustrated by how slow it can be. As it turns out, this can be easily improved upon!

Eclipse uses Java 1.5 by default in OS X. This is probably for compatibility reasons, but I don’t know for sure. Regardless, I got a huge boost by modifying my eclipse.ini with the following settings:
-Dosgi.requiredJavaVersion=1.6
-XX:PermSize=256m
-XX:MaxPermSize=256m
-Xms1024m
-Xmx1024m

The key change is the first line, -Dosgi.requiredJavaVersion. Make sure it is set to 1.6. The other settings deal with the amount of memory allocated to the JVM for various purposes. The settings I’ve listed above may be too aggressive if you only have 4GB of RAM, but you can play around with them if you want, or leave them as they are already configured. The important thing is changing to Java 1.6.

You may be wondering, “where can I find the eclipse.ini file?”. You need to navigate to the Eclipse application in Finder, then right-click and select “Show Package Contents”. Then open the Contents/MacOS folder and you’ll find your eclipse.ini. Spotlight will not find it because it’s inside the application bundle. Of course, you could also use Terminal, but I’ll assume that if you use Terminal, you can find it on your own ;-).

Enjoy! This made Eclipse much faster / more responsive for me.

By the way, if you’re still on OS X Leopard, the default JVM there is 1.5. I’m not sure (since I don’t have Leopard anymore), but you might need to adjust your Java Preferences. See: Selecting Java version on OS X Leopard.

Quickly enable robust Python logging throughout an application

Sometimes it’s helpful to quickly enable logging in a Python application so you can peer into what the libraries you depend on are doing under the hood. Many libraries include logging, but to see their messages you need to configure a root-level logger in your application’s “main”.

It took me longer than I’d hoped to get this set up for a script I was working on to test out some ideas, so hopefully this post will save someone else some time.

In your application or script’s main file or thread:

import logging

# Configure the root logger once; loggers created by libraries propagate to it.
logging.basicConfig(
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
    level=logging.DEBUG,
)
logger = logging.getLogger()

Beware gotcha when using HTML comments in Firefox

Just spent far too much time on this little gotcha, hopefully this saves someone a lot of frustration!

Let’s say you have some markup, like so:

<div id="someContainer">
    <span>Some text</span>
</div><!-- someContainer -->

It’s relatively common for people to put a closing comment to help match up closing tags. I personally don’t care for it because it adds bytes to your HTML and a decent IDE should make it clear which opening and closing tags are paired together. Nevertheless, a lot of people do it, including some people I work with.

Where you can get into trouble is if you decide you want to comment out that markup, like this:

<!--
<div id="someContainer">
    <span>Some text</span>
</div><!-- someContainer -->

Both my Eclipse IDE and the Chrome and Safari (WebKit-based) browsers had absolutely no problem with this. But Firefox thinks that a comment open tag has been left open, and it produces mangled HTML as a result!

If you are seeing weird behavior in Firefox, check your HTML comments!

Learn to be an iOS Developer from the best, without paying tuition

There are some really great resources available if you want to learn to develop for the iOS platform (iPhones, iPod Touches, iPads). But perhaps the best resources out there are free! Professor Paul Hegarty of Stanford teaches CS 193P – iPhone Application Development, and all of the lectures are available for free on iTunes U!

Here’s everything you need to get started:

The Lectures

Xcode

Xcode is Apple’s comprehensive App development tool suite, including tools to write code, graphically build your app’s user interfaces, debug, and measure performance. It’s free if you’re already an Apple Developer, but if you’re not, you can buy it for $4.99 on the Mac App Store. (Note: it is a huge download, more than 4GB. Go do something else while it’s downloading!)

Syllabus and Homework

The course materials can be found here.

One final note: these materials were produced before iOS5 and Xcode 4. However, the updated lectures for these newer versions should be posted in early November, 2011 (soon!). That said, I’ve taken some of the classes already, and I haven’t had any issues even though I’m using the newer version of Xcode.

Recommended Prerequisites

You’ll be best prepared to dive right into iOS development if you have prior experience with:

However, if you’ve got enough drive, these deficits in experience are merely obstacles to overcome. Apple’s tools for iOS development amount to the most advanced and straightforward graphical application stack I’ve ever seen. An awful lot of the scary and complicated stuff is handled automatically for you, and you can mostly build your entire applications in Interface Builder by dragging and dropping the buttons, sliders, etc. that you need to make your app tick!

Disabling Chrome’s Obnoxious HTML5 Form Validation

Has anyone else been bitten by this recently? You’re making a form for your website, and you need to collect the user’s email address. Rockstar web developer that you are, you use Google Chrome to test, and you’re using the fancy new HTML5 <form> tags. You maybe have something like:

<form id="signupForm" method="POST">
<input id="email" name="email" type="email" />
<input id="passwd" name="passwd" type="password" />
<input id="confirm" name="confirm" type="password" />
</form>

And then you go to test out your form in Chrome. You type in a bogus email address to test your server-side input validation.

And when you hit enter to submit the form, you see this:

Where did this come from!?! Chrome apparently tries to do its own form validation. Which is great I guess, but not when you want to do your own custom validation.

Luckily, this is easily disabled using the “novalidate” attribute in the <form> element, like so:

<form id="signupForm" method="POST" novalidate>

Finalist Investor Pitches At TechWeek Compete

Now that TechWeek Chicago has come and gone, I wanted to share with everyone the presentations of the top five finalists of the midVenturesLAUNCH COMPETE competition. For those of you who weren’t able to attend, COMPETE is a competition between 35 startups, selected from a pool of applicants, for over $100,000 in cash and prizes. They were judged by an expert panel, including Sam Yagan, Co-founder of OkCupid.

The finalists were:

  • BabbaCo, an online store of great products for busy parents.
  • Chute, a cloud-drive service for backing up, syncing and sharing your photos.
  • Forecast, a new app that lets you and your friends share where you’re going to be!
  • gtrot, a social travel site for people to share travel plans and get advice from their friends on destinations.
  • Safety Book, a web-based home inventory tracker and safety recall monitor.

BabbaCo ended up winning COMPETE, congratulations to them, and to all of the finalists!

Customize the default size of your Terminal in Ubuntu

If you’re like me, you can’t stand the default dimensions of the Terminal window in Ubuntu. Luckily, there’s an easy way to fix that for good!

First, right-click on your Terminal shortcut, and select Properties from the context menu.

Then modify the Command “gnome-terminal” (which is the executable name) to:

gnome-terminal --geometry=150x30+600+600

The first two numbers, 150x30, are the width and height of your window respectively. The second two numbers, +600+600, are the coordinates of where you’d like the Terminal window to appear when you launch the program.

This should work in most other flavors of Linux as well.

Getting bashrc to work in Mac OS 10.6 Snow Leopard

I just got a new Mac on Wednesday, so naturally I’ve been configuring it to my liking bit by bit. I made the discovery that Snow Leopard doesn’t seem to support /Users/yourusername/.bashrc out of the box.

No worries though, there is an easy fix!

Open up Terminal and type:

sudo vi /etc/bashrc

Then at the end of the file, add the following line:

source ~/.bashrc

Then, cd to /Users/yourusername and create a .bashrc file. If you’re not sure what you’re going to put in it just yet, at least do the following:

touch /Users/yourusername/.bashrc

So that you don’t get an error next time you open a shell ;-).

Hopefully that saves someone else some time!