
I was talking to a friend about passwords and I came to think of this:

The always epic XKCD is of course right: choosing four random words as your password is better than choosing a series of numbers and letters. Now the comic makes it a little bit too geekish maybe, talking about bits of entropy and whatnot. But the way I always learned to calculate brute-force strength is by taking the “degrees of freedom”, in other words how many possibilities there are for each position, and raising that to the number of instances of the thing you have. So if you have a 4-digit PIN code, there are 10 possibilities for each digit, 0-9, and you have 4 of them. So you have to go through 10 * 10 * 10 * 10 or 10^4 or (degrees of freedom)^(number of instances).

I’m pretty sure that’s right, but correct me if I’m wrong, please.

Assuming it’s correct, choosing a password out of just letters, big and small, lets you have 54 degrees of freedom. 27 letters of the alphabet * 2.

If we include numbers and some signs, we can make alphanumeric passwords that are stronger. Using for example 0-9 a-Z and !”#?%&/()=?_-, we get 77 degrees of freedom.

But let’s assume that a word is one thing. It’s not a number of letters, it’s one thing. There are about 20,000 common words, and most dictionary-attack dictionaries contain maybe 50,000 words, but let’s be on the modest side and assume 20,000 words exist that you are allowed to choose from. That means in a password based only on words, you have 20,000 degrees of freedom.

So let’s plot the strength of a password to the number of instances of the type that the password contains.

The horizontal line I’ve put in is at four words. So the way to read this graph is by following that line. A word-based password has the same strength as an alphanumeric password of length 9 or the same as a letter based password of length 10.
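The arithmetic behind the graph, as an added example in Python that is not the code the post links to: it uses the post's own counts (54, 77 and 20,000), while the function names and the sample word list are made up for illustration. The figures assume every character or word is picked uniformly at random.

```python
import math
import secrets

# "Degrees of freedom" per position, using the post's own counts.
LETTERS = 54        # upper- and lower-case letters
ALPHANUMERIC = 77   # letters, digits and the listed symbols
WORDS = 20_000      # size of the word list the words are drawn from

# Constructed sample list for the demo; a real list would have ~20,000 entries.
DEMO_WORDS = ["anchor", "biscuit", "candle", "dolphin",
              "ember", "fiddle", "garnet", "harbor"]


def keyspace(symbols: int, length: int) -> int:
    """Candidates a brute-force search has to cover: symbols ** length."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """The same quantity in bits, the unit the XKCD comic uses."""
    return length * math.log2(symbols)


def equivalent_length(symbols: int, target_symbols: int, target_length: int) -> float:
    """Length over `symbols` whose keyspace equals target_symbols ** target_length."""
    return target_length * math.log(target_symbols) / math.log(symbols)


def cheapest_attack(words: list[str], wordlist_size: int = WORDS) -> int:
    """Keyspace of the cheaper of two searches: word by word, or letter by letter.

    Short words make the letter-by-letter search the smaller one, which is
    why the post asks for more than 10 characters in total.
    """
    by_word = keyspace(wordlist_size, len(words))
    by_letter = keyspace(LETTERS, sum(len(w) for w in words))
    return min(by_word, by_letter)


def passphrase(wordlist: list[str], count: int = 4) -> list[str]:
    """Draw `count` words uniformly and independently with a CSPRNG.

    The symbols ** length figure only holds for this kind of choice; words
    picked by a person are far more predictable.
    """
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate entries would skew the distribution")
    return [secrets.choice(wordlist) for _ in range(count)]


if __name__ == "__main__":
    print(f"4-digit PIN:      {keyspace(10, 4):,} candidates")
    print(f"4 random words:   {keyspace(WORDS, 4):,} candidates, "
          f"{entropy_bits(WORDS, 4):.1f} bits")
    print(f"same strength as: {equivalent_length(ALPHANUMERIC, WORDS, 4):.2f} "
          f"alphanumeric characters, {equivalent_length(LETTERS, WORDS, 4):.2f} letters")
    short = ["a", "by", "cat", "dog"]  # constructed: only 9 letters in total
    print(f"short words:      cheapest search is {cheapest_attack(short):,}")
    picked = passphrase(DEMO_WORDS)
    print(f"demo passphrase:  {' '.join(picked)} "
          f"({entropy_bits(len(DEMO_WORDS), 4):.0f} bits from an 8-word list)")
```

The last line of output shows why the size of the word list matters: four words from the eight-word sample list give only 12 bits.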

It’s interesting to note that alphanumeric and just plain old letters are very, very similar in strength. Adding a 0 at the end won’t make you that much harder to break.

I’m pretty sure I can remember up to 6 random words strung together, but I’m absolutely sure I can’t remember about 16 random alphanumeric characters, which is of the same strength.

So when you’re choosing your next password, make it 4 random words and you’re pretty much all set security-wise. Though make sure that altogether the four words are longer than 10 characters, or you can’t brag that your password is safer than those other people’s passwords.

In the end it’s all about remembering them, right? And remembering 4 words is pretty damn easy.

Click here if you’re interested in the few lines of code for the graph.

# The design process of my iPhone application – SimpleCards


If you follow me on twitter (or via the side-bar here on this blog) you might know that I’ve been spending some free time on making an iPhone application.

It’s finally in the store and if you want it right now instead of reading this blog entry then go over to www.simplecardsapp.com.

I wanted to write a little bit about how this app came into creation, since it’s my first one that I’ve actually put on the store.

I get a lot of ideas, maybe 1-2 ideas a month that are good enough for me to write down. My selection process of what I actually then work on is something like this:

1. Write down the idea very concisely. I actually didn’t do that with SimpleCards but just kept it in my head. Usually not recommended to do, but sometimes it’s a useful method to sort out ideas too. The ones you can keep in your head for a long time are usually better.
2. Sketch it out roughly on paper, either UI right away like I did for SimpleCards, or just put down some more details into the idea to see if it could work and how it should work.
3. Sketch it out in Photoshop or OmniGraffle to get a better idea of whether it’s actually doable.
4. Start coding.

If at any point in this process I see that it wouldn’t work or it’s just not as interesting as I first thought, I just stop working on it.

SimpleCards is a flashcard app that is intended to replace the normal paper flashcards that I use a lot. When studying Japanese you have to learn the Kanji (Chinese character), the hiragana (pronunciation) and what it means. So when you use normal flashcards with 2 sides you actually lose out on a little bit of practice because you always get pronunciation and translation on the same side. So not only did I want a super-simple (as simple as paper) way to flip through flashcards, but I also wanted to be able to have 3 sides per card.

Now to show a bit about the creation process of SimpleCards, as I said I got this idea and kept it in my head for a while. I kept thinking I wanted it and thought about it for maybe 1-2 months before sitting down and sketching it. Which resulted in the next picture.

SimpleCards initial sketch

After doing this I still liked the idea very much, so pretty much the same day I started transferring it to the computer and putting in some more detail with OmniGraffle.

SimpleCards graffle

I thought this looked so good that it was a real motivation booster. Everything seemed to work and it was just as simple as I wanted it. I then checked out maybe 5-10 apps of the competition and saw that no-one had the one critical feature that I designed my whole app around: Multiple sides per flashcard.

I then spent two weekends coding this thing and got out a beta version following my own design. In the picture above nothing is real, it’s just sketches, in the picture below, all the screenshots are real from the actual application.

SimpleCards prototype

I do know however that what sells an app in the App Store is design, graphics and nothing else. I also know that design is my extremely weak point. That’s why I got the excellent Anders Davén, who I’ve worked with before, to do the design for me. As Emma said, “It’s like upgrading from a Mac from 1995 to the latest OS X”. As you can see below, it truly lifted the app from being something only I would use (a father’s love) to something everyone could use!

SimpleCards finished version

So then the App was done! I created a website for it to be able to link to it (and to help you guys, readers, find it), and to be able to promote it a bit easier. That website is www.simplecardsapp.com.

So now that you know how it was created, go download it!

Get it even if you don’t plan on learning new words. Here are some alternative uses for it:

1. Shopping list
2. Memorizing names of people
3. Counter for how many times you have swiped across the screen
4. Pretending you’re learning a language.

and so on and so forth…

And once you get it, make sure to rate it 5 stars and write a good review! ;P

# I made a profile/projects page

For a long time I’ve been wanting to create one page that showcased my history as a developer a bit, but also put focus on some of the development that I do just for fun. I’ve sketched at designs and I’ve even gone so far as to do mockups in HTML. But I’ve never finished one (until now). That is because I always ask myself “Who is this for?” “Why am I doing this?” And I haven’t been able to properly answer any of those questions. But recently Emanuel made a cool little project page for himself (surely more useful than mine simply because it’s readable and abbreviated enough) and that pushed me over the edge to finally finish mine. I still don’t know why, but I’ve taken a snapshot of it to put on the blog here for future reference. The link to the live page is http://ique.github.com. This is what it looks like at the time of writing:

Projects page

# Dynamic LaTeX documents with Clojure and Fleet

I can never decide whether to host code stuff on my code blog (that is very inactive and no-one reads) or here where someone might see it. I like this little tidbit so I’ll post it here.

For whatever reason that we don’t need to get into here I will probably need to create dynamic LaTeX documents in the near future. That is, pull in a bunch of figures from a database and put them into a LaTeX table. I will do all the number-crunching and stuff with Clojure so I wanted to keep my solution as much in Clojure as possible.

I started looking around at Java templating engines but they were all very Java’y and I don’t really like Java. Then I found Fleet which is a general purpose templating engine written entirely in Clojure, well-written at that.

The documentation leaves a little to be desired but from the generous amounts of tests and various tidbits of documentation on the Github page I managed to figure out how to use it. I’ll try to explain a bit of how to use fleet and give an example.

If you, like me, just want to template one file, all you need is the fleet command. However the fleet command returns something called a partial; I didn’t know what that was but managed to figure it out. Basically you give (fleet) three arguments. The first one is a vector of variables that you want to use in your template. The second is the template string; if you have a template in a file you have to use something like (slurp) first to put it in a string. The third argument is just what kind of escaping you want; for LaTeX I just put it on bypass since it’s not important.

But here’s the thing, the partial that (fleet) returns is a function expecting the arguments that you gave in the first vector to the (fleet) command. My LaTeX template example:

So after running the (fleet) command with [number] as the first argument, I run the function (partial) returned by (fleet) with the argument of a number. Now this number is used in the template where I have used <(str number)>:

I just took the standard LaTeX template and put in the Fleet templating engine’s syntax for clojure interpolation.

When I now run the partial with the argument that I told it to take, it returns the interpolated template as a string. I then spit that string to a file and run a shell command to turn it into a PDF. And voilà, dynamically generated PDFs that are fast and consistent.

# Banzai – the social manhunt!

Update: Ericsson Labs has now posted on their blog about the challenge.

I’m back from DreamHack and things went down well. The last task was a bit too hard (well, impossible really – until we released clues) but otherwise we got a very good response.

The best thing about the event was however that me and Emanuel participated in the Ericsson Labs developer challenge. So this is a story of how I won a PS3 by proof of concept alone.

The goal of the competition is to develop the most creative, useful or fun mobile or web application that uses at least one of the APIs available at Ericsson Labs.

Your application must be a runnable example and you must be able to show that your idea works. However a few flaws here and there won’t hurt.

This was the competition. Use some of Ericsson’s tools that help developers do fun things to do something fun.

The whole process was extremely fun actually! It started out by me having an idea about doing some classical positioning-game, like tag but with GPS locations and covering a city or something like that. The idea has been tried and proved many times so I thought it would be quite trivial to implement a copy of that idea. But the idea had a few flaws, when talking it over with Emanuel we bounced the idea back and forth a few times and came up with the best concept we could.

On the day after, we started coding after the first half of our own competition was done, at like 20:00 or so. We stopped coding again at 05:00 with some sort of basic working model of the application. It was pretty intense and we ran into more technical issues like Java not being able to handle SQLite3 rather than coding issues. But at 05:00 we thought we had something good and went to bed, only to get up again at around 10:00 to start working out the finer details and some of the absolute worst bugs (essentially crippling the entire app =P).

After 5 hours or so of more coding in the morning, we demoed the app, got some basic approval and sent in the contribution. We really had no idea if we were going to win or not as the judges gave absolutely no impression of what they thought until the competition was over.

In the end though, we stood up on the stage as first prize winners taking home about 9000 SEK of awesome stuff.

We split it so Emanuel took the phone and I took the PS3 + Rockband, worth around the same amount.

It was extremely fun going from idea to just providing a proof of concept and get rewarded for that, instead of having to put in the additional 80% of work that takes a product from proof of concept to finished.

So what was our idea I hear you asking? It was actually pretty fun. The front-page of our temporary website we put up explains it pretty well.

banzai is all about the fun of the chase. It was originally designed as an urban tag-game played out in real life. Because of the accuracy of the Ericsson Labs Web Location API we switched our market to people with access to large areas to play around in while using some kind of motor vehicle, the urban city-based game might be revised when the Web Location uses GPS to a larger extent.

The game is about finding “the chosen one”. The game is initiated at a given time and place, you choose which games you want to participate in yourself. Once the game is started you will get the location of everyone else. Completely at random, one player will be informed that he is the chosen one. It is then the goal of the chosen one to stay away from everyone else.

# Points

Points will be given at three times.

• When the chosen one is caught, the round is over. At this point, everyone needs to get 500 meters away from each other as fast as possible. The sooner you are 500 meters from everyone else, the more points you get. When everyone is clear a new round will begin! The number of rounds is defined in the particular game you choose to join.
• The chosen one will get points as long as he is not caught, the chosen one is deemed caught when everyone else is within 200 meters of him.
• The other players will get points when spending time close to the chosen one, the amount of points they get will depend on how close they are to the chosen one. The proximity to the chosen one is displayed for each player at all times with a bar displaying 0 – 100% where 100% is within catching distance.

So that was it. A screenshot might be in order.

As you can see, a list of players shows up, some controls for the map to zoom and stuff like that (all of the map stuff here was one of the Ericsson APIs we used) and your score as well as the distance to the chosen one.

All the locations here for the players drawn on the map were polled every 30 seconds by Emanuel’s backend server, while I wrote the user interface, map stuff and calculating distances and scoring.

All in all it actually works surprisingly well, and I’m quite proud of having done it in 15 or so hours. The idea is pretty solid as well but obviously needs GPS and not triangulation like the Ericsson API was using.

What is the result of all this? We might get some small recognition within Ericsson Labs, we own full rights to the idea and code that we’ve done if we want to continue building on it. But the only result I’m really seeing right now, is this.

From the money I will make by selling the PS3 I bought an xbox 360 Elite so I can play Modern Warfare 2 with Emma (and I like the xbox controls more than the PS3 ones). I also bought a new 24″ widescreen display that I’ve hooked up to both my computer and the xbox. So when I’m not playing I have an additional 24″ screen and when I want to play, I just turn on the xbox and switch the screen over with the press of a button.

Pretty awesome.

# Too much awesome

I’ve been keeping quite busy the last couple of days. School takes up a lot but the little extra time I have I spend trying to make a little file upload demo in Cappuccino, which is really awesome. I love being able to code Objective-C and then just refresh my browser to see my application running in there instead of on the desktop.

Another very awesome thing is that I have now been officially approved as an iPhone Developer, meaning I can develop apps on my own phone and if they get good enough I can start selling them in the App Store. The entire application process took only 6 work-days which I have to say is very impressive! I’ve heard of people having to wait months for their licenses so that was pretty awesome. The first app up for development is essentially a phone version of DHG, which I hope can get quite awesome.

There is in fact so much awesome, that I can’t stop thinking about all of this awesome, resulting in me not getting any sleep. The upside of this is that it will result in tomorrow being very much less awesome and hopefully I’ll be able to get some sleep then.

I can’t wait till Christmas break when I’ll actually have some free time!

# 280 Atlas – The future

For the non-technically inclined people reading this you could read it just to gauge my emotions and get a glimpse of the future, but this post will probably not mean much.

Watch this first and read later, you can skip a bit of the start since he really doesn’t demo the new tech until after about half the video. The first half is an explanation of why the tech is needed.

For the first time in a long time I am really excited. I am giddy with expectation and I can’t stop thinking about how much I want to switch over to coding Cappuccino for all front-end purposes.

I don’t like coding HTML, CSS and Javascript. I don’t think a lot of people actually do like it, it’s just something we do because we love the web and that’s the only way to do stuff on the web (give or take).

Now I know what he talks about in the video has been done before: Google don’t spend ages coding HTML, CSS and JS, they use Google Web Toolkit. I’ve attempted to try GWT but just can’t get it to work. It’s very un-Mac-like and I frankly can’t even be bothered to get into it.

These guys in the video on the other hand. This shit will rock. Not only does it provide a nice way to interface your app, it provides you with built-in code modularity. I can break up my different front-end functions into modules and have the UI builder automatically interact with the application code.

I have a lot of ideas. Most of them I don’t have time or knowledge to follow through on, but recently I’ve gotten two ideas I do really want to follow through on! I really think they could be good things and I really want to see if they will hold up to scrutiny.

280 Atlas makes me want to follow through on my ideas. I’m not a great front-end developer and not graphically inclined, but Atlas gives me a decent UI to work with from scratch and if the idea holds water I can hire a graphics guy to make it great.

Most of my ideas are applications and I’ve always been fascinated by desktop application development, I’ve always thought of it as a much more scientific and “structurally sound” (if that makes sense to anyone else?) process than web development. The problem is you can’t get it out there. You need some sort of vendor to deliver the app through and all my ideas involve being completely computer and OS agnostic, i.e. you should be able to use the app from any computer with any operating system anywhere in the world – that’s how everything should work.

With Cappuccino and Atlas, it could work!

# 2.times { clap_hands if happy? }


Yesterday I participated in a programming contest. Unfortunately the required language was C/C++ or Java, since I have no idea what available data-structures there are in C/C++ we chose (like last year) to code in Java. But the thing is – I haven’t coded Java since sometime last year. Because it sucks. Neither had my partner and we were out a third team-member.

This all resulted in us finishing in 37th place of 40 competing teams. If the language had been Ruby on the other hand I do believe I would have kicked a bit more ass. We had somewhat finished solutions for 3 tasks but were just debugging for like 2 hours on two of them, so we only got one task finished.

The contest was followed by 8 hours of studying electrodynamics. So I spent a total of 15 hours in school… Gonna go get a shower now (after spending the morning reviewing the solutions we had for the other tasks yesterday) and then go back to school again.

Our team-name for the contest was “The Owl Exterminators” it’s a name I use pretty often when I can’t think of anything awesome, it’s a reference to Futurama. Though on my way home yesterday I thought of a perfect team name, it’s witty, it’s Ruby and it shows how beautiful Ruby can be, it is the title of this post.

# Running thinking-sphinx with wrong version


I recently tried setting up sphinx on a rails app with thinking-sphinx and ran into a bit of an issue.

ERROR: malformed or unknown option near '--pidfile'.

That was the error message I got and this appeared when trying to start the sphinx server with rake ts:start or rake ts:rebuild.

I installed sphinx via MacPorts and it turns out this (still) installs the 0.9.7 version and not the 0.9.8 version, and apparently the --pidfile option did not arrive until 0.9.8.

What I did to solve the problem was follow the guide here: http://www.viget.com/extend/installing-sphinx-on-os-x-leopard

Even though I had installed it via MacPorts I still needed to install iconv and expat to get sphinx to properly compile.

If anyone else out there on the internets has had this problem and finds this, I hope it was useful.

# Installing MySQL correctly on OS X


If you don’t want to install MySQL via MacPorts for whatever reason and want a clean installation to work with Ruby on Rails and the mysql gem, you need to do this:

Go to http://dev.mysql.com/downloads/ to get the latest version of MySQL (by clicking on Download for Community Server). Download the Mac OS X package format and choose Mac OS X 10.5 (x86). Important here is to choose x86, not x86_64. The pre-installed version of Ruby on the Mac is not 64 bit so installing the 64 bit compiled MySQL will cause them to not play nice together. Install it and the StartupItem so it starts with the computer.

Then when you need to install the mysql gem (because the mysql gem won’t install correctly from scratch and throws some nasty errors), you have to give it some information on where MySQL is installed. So run this:

```
sudo env ARCHFLAGS="-arch i386" gem install mysql -- \
  --with-mysql-dir=/usr/local/mysql --with-mysql-lib=/usr/local/mysql/lib \
  --with-mysql-include=/usr/local/mysql/include
```

Many thanks to wonko.com who helped me solve this problem. I am posting it here in hopes that it might show up on Google for someone else who needs the problem fixed.