Saturday, November 8, 2008

The End of Annoying OTPs

If you're a CS student at the Hebrew University of Jerusalem, you're familiar with OTPs (one-time passwords), which are needed to connect to the university servers remotely, submit exercises, receive grades and so on.

There are currently two ways to generate OTPs:
  • If you have a Java-enabled phone (Nokia only) you can download an application called HOTP, which generates a new OTP with each button click.
  • If you don't have a Nokia phone (as in my case) you have to go to a website, fill in your Unix username and password and answer a CAPTCHA. An SMS containing 5 OTPs is then sent to your cellphone.
Needless to say, the latter option is really annoying, especially when you need an OTP 4-5 times in a row while submitting an exercise (connect to an FTP server, use SSH, enter the submission system and so on).

So I decided to create my own OTP client that generates OTPs locally. The main goal was a program that copies the next OTP to the clipboard, making the 5-digit password easy to paste wherever it is needed.

I simulated a download of the HOTP program and decompiled it (Jad rules). The code was obfuscated, but with the help of the Koders code search engine I worked out that the Bouncy Castle Java crypto package is used there. It provides a large set of cryptographic primitives; here Rijndael (the original AES cipher) and HMAC-SHA-1 are used to generate the OTP.

I won't go into further details. If you're really interested in how it works, you can go over the script's source - it's not that complicated.
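As an added example (my own code, not the NOTP script, whose exact scheme is not shown on this page), here is the standard HOTP construction from RFC 4226 in Python: HMAC-SHA-1 over an 8-byte big-endian counter, dynamic truncation, then reduction modulo 10^digits. It also shows the server-side look-ahead window, and why re-seeding the counter on every application download leaves the previously issued phone app with codes the server will never accept again. The secret is the RFC's own test key, and the starting counters are made up for the demo.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890"). The university's
# real seed and exact scheme are not known here; this is the standard algorithm only.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits (RFC 4226, section 5.3)."""
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class HotpToken:
    """Client side (the phone app or a local script): shared secret plus a moving counter."""

    def __init__(self, secret, counter=0, digits=6):
        self.secret, self.counter, self.digits = secret, counter, digits

    def next_code(self):
        code = hotp(self.secret, self.counter, self.digits)
        self.counter += 1                                 # one code per counter value
        return code


class HotpVerifier:
    """Server side: accept a code within a look-ahead window, then move past it so
    the same counter (or an earlier one) can never be accepted again."""

    def __init__(self, secret, counter=0, digits=6, window=10):
        self.secret, self.counter = secret, counter
        self.digits, self.window = digits, window

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.counter = c + 1                      # replay protection
                return True
        return False


def desync_demo(new_start=4, window=5):
    """Why a fresh download breaks the old app: the server is re-seeded with a new
    starting counter (random in the real system; fixed here so the demo is repeatable),
    the old token is still below it, and its codes fall outside the window forever."""
    phone = HotpToken(RFC4226_SECRET)                     # issued when the counter was 0
    server = HotpVerifier(RFC4226_SECRET, counter=0, window=window)
    first_ok = server.verify(phone.next_code())          # counter 0: accepted
    server = HotpVerifier(RFC4226_SECRET, counter=new_start, window=window)
    pc = HotpToken(RFC4226_SECRET, counter=new_start)     # the newly downloaded client
    pc_ok = server.verify(pc.next_code())                 # counter 4: accepted
    phone_ok = server.verify(phone.next_code())           # counter 1: rejected
    return first_ok, pc_ok, phone_ok
```

For the university's 5-digit codes pass digits=5; nothing else changes. Note that the verifier accepting each counter value at most once is exactly the property that makes the old client unusable after a re-seed; it is replay protection working as designed, not a defect in the phone application.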

Some installation details:
  • Very important note: if you're currently using the HOTP application, installing this script (which requests a new HOTP application download) will break the HOTP application on your cellphone. This happens because the key counter is randomly selected each time an application is generated for download.
    If any of you sees this as an important issue, leave me a reply here or send me an email.
  • You'll need ActiveState Python (version 2.4 and up).
  • If you're using an operating system other than Windows, you can still use the script, but the clipboard option will not work (it will only print to stdout).
  • After installing Python and downloading the script, run it without parameters and the installation will begin.
  • For further options, use the --help or -h switch.
You can download NOTP from here.

Have a great semester :)

Monday, September 22, 2008

Job Proposals Everywhere

While working I was checking the HTTP headers of some random sites, and I stumbled upon these:

Server: nginx
Date: Mon, 22 Sep 2008 11:17:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Cookie
X-hacker: If you're reading this, you should visit and apply to join the fun, mention this header.
Content-Encoding: gzip
Vary: Accept-Encoding

So who wants a job? :)

Thursday, August 7, 2008

New Facebook Worm?

I got this mail from Facebook today, notifying about a new private message:

*** sent you a message.

Subject: Hi my friend.

"This is you on hidden cam. lol:"

The site is currently serving a page in Polish, but no malware or exploit whatsoever. It probably went down.

The message appeared neither in my Facebook private messages list nor in the notifications, which means that Facebook somehow deleted it from their database.


Wednesday, July 2, 2008

Job Market

There was one today at the university.

And I stumbled upon this advertisement:

And then I began to ponder... :)

Tuesday, July 1, 2008

Ynet Are Ignorant

Quoted from this URL:

What the hell is colliding there?

Credit goes to Segal.

"Being an Adult" Course

It's almost a year since I left home to live here in Jerusalem, and from time to time the thought of a course on "being an adult" pops into my mind.

The last time the thought popped up was last night, when I found out that our electricity bill is much larger than it is supposed to be. So while walking around the apartment like a ghost at 1am, trying to forget about my insomnia, I found some small print on the bill saying that the bottom line is an "estimation" of our electricity usage (only it's a *7 one).

So, why are there colleges that teach financial investments, raising babies and so on, but none that teach you how to be a grown-up?

I thought about these subjects as a basic discussion for a curriculum:
  • How to deal with bureaucracy.
  • Taxes.
  • Contracts (work, rental, etc.).
  • Fixing stuff in the apartment (such as blocked sink).
  • Paying bills.
  • Handling car issues (tests, bills, fixing basic problems).
If you think of something else, comment :)

Monday, June 30, 2008

Piracy and Disinformation

"I have a friend" who downloads music through BitTorrent, Rapidshare and some other free HTTP file-hosting sites.

One of the CDs that was downloaded turned out to be an inaccurate version of the album, which led me to some thoughts about the authenticity of information you gather from pirated releases.

My friend really liked the album, and his favorite track was "Trail of Life", which he mistakenly thought was the name of the original track.
The mistake was found later, after a friend of his friend went to this band's concert and retrieved the set list, which named the track "Trail of Fire".

This made both of my friends go and check, using multiple data sources (the internet and a friend who has the original CD), what the original name of the track is.
Why not trust the set list? Because bands sometimes do not write the exact track names in their set lists. Anyhow, the verification showed that the real track name is indeed the one written on the list.

The funny thing is, another friend of my friend's friend wrote about this concert in his blog, referring to "Trail of Fire" as "Trail of Life". Is this a new way to find out who is a pirate and who's not?

Moving on, my friend wanted to update his track names and ID3 tags, so he used MediaMonkey to access Amazon's CD database and retrieve information about the CD. He was extremely surprised to see that there is another, 9th track which is included in the original release but not in the pirated one.

As it seems, there were two different releases, but one of them (probably) was not nuked properly, so there are two different versions - an accurate one and an inaccurate one, which is encoded at a better quality but lacks the last track.

  1. Buy your CDs.
  2. If you're using pirated copies, verify your downloads against Amazon or another CD database like FreeDB or Gracenote's CDDB.
  3. Do not trust strangers.

Saturday, June 28, 2008

MySpace HiDef MP3 Download

I've got some bands I like that publish their music through MySpace, but I was quite frustrated to find out that the streaming quality provided by the site is pretty low.

Then Ami showed me this site, which allows you to download the original mp3 files that the user uploaded to MySpace!

Just click on audio, and put the URL of the user's page in the textbox.

I haven't tried to find out what's going on there, but I guess that the links are found in the original MySpace user page, or that someone reverse engineered MySpace's media player and revealed the URLs of the original mp3s. Anyhow, it's quite a shame for MySpace to leave the originally uploaded mp3s under their webroot, but I don't care much :)

Monday, May 12, 2008

Python Winamp Control Module

As promised, I'm posting my iWC Winamp control module here.

The module works without installing a plugin in Winamp, so it does a lot of IPC (some of it totally undocumented; I think even Winamp's developers didn't think of using their media library in such a way, but who cares).

All of the functions are documented except for the three most complicated ones, because I'm just too lazy - so if you're really interested I can shed some light on the ugly hacks I did there too.

Get it from here.

Requirements: the ctypes and win32 Python modules (bundled with ActiveState's Python), Winamp 5+.

Feature request / comments - just leave a comment here.

Have fun!

Friday, May 9, 2008

The Semester is dead. Long live the Semester!

Semester 1A and its exams are over, and the new semester begins on Sunday.

This means I've got some spare time to do stuff besides sitting in my room looking at papers, so here are some updates on the upcoming projects I'm planning to work on:

iWC - I've decided to discontinue the project, because I've found this application which allows you to control Winamp, Windows Media Player or iTunes from an iPhone web application. It seems that a web application written specifically for the iPhone can replace most native applications, and you should give it a try.

However, I'm planning to release the Python Winamp module of iWC, which enables communication with Winamp 5+. I still need to document and refactor it a bit, so I hope I'll be able to release it this coming week.

iPhone Synchronization - I'm planning to enhance the currently available iTunes-iPhone synchronization. I know there are some products which allow better synchronization, but they cost money, and they are neither modular nor open-source.

Currently, the main features I'm planning are Facebook synchronization (fetch friends' pictures, phone numbers, addresses, websites and so on) and better Outlook integration (such as notes and to-do synchronization). If you have any other ideas, please send me an email or leave a comment.

Smart-Home - I wonder whether I should start working on an embedded project to connect some switches / electronic devices to the wireless network in our apartment in Jerusalem. If you know of a cheap wifi microcontroller, please leave a message.

Sunday, March 30, 2008

Some Updates

Hey mates,

I haven't had a lot of time to write because of this crazy semester...
So this is the last week of semester 1A (the one which started after the strike), and the exam season begins next week with a fine one in Mechanics, after which there will be a lot of fun with Infinitesimal Calculus, Intro to CS and Discrete Mathematics.

On to the more interesting updates: I'm working on a small project, currently called iWC, whose purpose is to remote-control Winamp from the iPhone (possibly with an iPod-like interface for that).

The iPhone has some remote control applications for your computer, mostly using VNC, but I want a clean and fast interface for song selection, volume control and so on.

So right now I'm working on a module that communicates with Winamp using window messages (their API is one of the worst I've seen, but it is full of funny comments - maybe I'll post some when I have more time). After I finish that one I'm planning to create a client using RPyC and PyObjC.
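The window-message IPC described here and in the "Python Winamp Control Module" post above, as an added example in Python (my own code, not the iWC module, whose source is not on this page). The message numbers and the "Winamp v1.x" window class are quoted from Winamp's wa_ipc.h from memory, so treat them as assumptions and check them against your SDK copy. The transport is injectable so the control logic can be exercised without Winamp; on Windows the defaults use FindWindow/SendMessage, and playlist titles, which Winamp hands back as a pointer valid only inside its own process, are copied out with ReadProcessMemory.

```python
import ctypes
import sys

# Message numbers from Winamp's wa_ipc.h, quoted from memory (assumption: check your SDK).
WM_COMMAND, WM_USER = 0x0111, 0x0400
BUTTON_PREV, BUTTON_PLAY, BUTTON_PAUSE, BUTTON_STOP, BUTTON_NEXT = 40044, 40045, 40046, 40047, 40048
IPC_ISPLAYING, IPC_GETOUTPUTTIME, IPC_SETVOLUME = 104, 105, 122      # sent as lParam of WM_USER
IPC_GETLISTLENGTH, IPC_GETLISTPOS, IPC_GETPLAYLISTTITLE = 124, 125, 212
WINAMP_CLASS = "Winamp v1.x"                                         # main window class name
PROCESS_VM_READ = 0x0010


class WinampIPC:
    """Control Winamp 5+ with window messages only, no plugin required.

    send(msg, wparam, lparam) and read_remote(address, size) can be injected, so the
    logic is testable anywhere; the defaults talk to user32/kernel32 through ctypes.
    """

    def __init__(self, send=None, read_remote=None):
        self._send = send or self._win32_send
        self._read = read_remote or self._win32_read
        self._hwnd = None

    # ---- Windows transport ---------------------------------------------------
    def _user32(self):
        u = ctypes.windll.user32
        u.FindWindowW.restype = ctypes.c_void_p
        u.SendMessageW.argtypes = [ctypes.c_void_p, ctypes.c_uint, ctypes.c_size_t, ctypes.c_ssize_t]
        u.SendMessageW.restype = ctypes.c_ssize_t      # replies may be pointers: keep full width
        u.GetWindowThreadProcessId.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_ulong)]
        return u

    def _window(self):
        if self._hwnd is None:
            self._hwnd = self._user32().FindWindowW(WINAMP_CLASS, None)
            if not self._hwnd:
                raise RuntimeError("Winamp window not found")
        return self._hwnd

    def _win32_send(self, msg, wparam, lparam):
        return self._user32().SendMessageW(self._window(), msg, wparam, lparam)

    def _win32_read(self, address, size):
        # Title/filename queries return a char* that only means something inside
        # Winamp's address space, so copy the bytes out of that process.
        k = ctypes.windll.kernel32
        k.OpenProcess.restype = ctypes.c_void_p
        k.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                        ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
        pid = ctypes.c_ulong()
        self._user32().GetWindowThreadProcessId(self._window(), ctypes.byref(pid))
        proc = k.OpenProcess(PROCESS_VM_READ, False, pid.value)
        if not proc:
            raise RuntimeError("OpenProcess failed")
        buf, got = ctypes.create_string_buffer(size), ctypes.c_size_t()
        try:
            k.ReadProcessMemory(proc, address, buf, size, ctypes.byref(got))
        finally:
            k.CloseHandle(proc)
        return buf.raw[:got.value]

    # ---- control -------------------------------------------------------------
    def play(self):
        self._send(WM_COMMAND, BUTTON_PLAY, 0)

    def pause(self):
        self._send(WM_COMMAND, BUTTON_PAUSE, 0)

    def stop(self):
        self._send(WM_COMMAND, BUTTON_STOP, 0)

    def next_track(self):
        self._send(WM_COMMAND, BUTTON_NEXT, 0)

    def prev_track(self):
        self._send(WM_COMMAND, BUTTON_PREV, 0)

    def status(self):
        # IPC_ISPLAYING reply: 1 = playing, 3 = paused, anything else = stopped
        return {1: "playing", 3: "paused"}.get(self._send(WM_USER, 0, IPC_ISPLAYING), "stopped")

    def position_ms(self):
        return self._send(WM_USER, 0, IPC_GETOUTPUTTIME)   # wParam 0: position in ms

    def length_s(self):
        return self._send(WM_USER, 1, IPC_GETOUTPUTTIME)   # wParam 1: track length in seconds

    def set_volume(self, level):
        level = max(0, min(255, int(level)))               # Winamp's volume range is 0..255
        self._send(WM_USER, level, IPC_SETVOLUME)
        return level

    def current_title(self):
        pos = self._send(WM_USER, 0, IPC_GETLISTPOS)
        ptr = self._send(WM_USER, pos, IPC_GETPLAYLISTTITLE)
        raw = self._read(ptr, 512) if ptr else b""
        return raw.split(b"\0", 1)[0].decode("mbcs" if sys.platform == "win32" else "latin-1")
```

On a Windows box with Winamp running, WinampIPC().current_title() is enough to see the whole chain work; reading another process's memory needs only PROCESS_VM_READ, which a normal user has on their own processes, so no elevation is involved.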

That's it for now - I hope to give more updates soon about my progress.

And until next time... cy'a folks!

Monday, February 25, 2008

80's The Limit

I'm currently "studying" the course "Introduction to computer science" at the university.

Why "studying"? Because I have to, and because I don't really go to the lectures, which are boring as hell and useless.

Anyhow, the course has its own coding conventions and style. Most of the conventions are totally fine and agreeable, but there's one that's driving me crazy - "Thou shalt not write lines that include more than 80 characters."
The reason is not specified (as usual here - why explain why to do something when you can just tell the students to do A and B), but I assume it stems from the 1980s DOS/Amiga/mainframe limit of 80 characters in text video mode.

So let's count how many graphical operating systems, able to display and print lines longer than 80 characters, Microsoft(TM) has released so far:
  1. Microsoft(TM) Windows(R) 3.1
  2. Microsoft(TM) Windows(R) NT 4
  3. Microsoft(TM) Windows(R) 95
  4. Microsoft(TM) Windows(R) 98
  5. Microsoft(TM) Windows(R) ME
  6. Microsoft(TM) Windows(R) 2000
  7. Microsoft(TM) Windows(R) XP
  8. Microsoft(TM) Windows(R) 2003
  9. Microsoft(TM) Windows(R) Vista

And they still haven't found the "Change font size" button... too sad.

Limiting line length is good, but why limit it to the ridiculous number of 80? When programming in an object-oriented language, a line which calls a class method with 2-3 parameters will exceed this limit, so to avoid losing points an evil line feed needs to be inserted.

The huge problem here, as I see it, is that most of the people studying with me haven't programmed in a real programming language (not Pascal) and don't know what real-life code should look like. This is one of several bad habits they learn in a place that should, theoretically, teach them everything they should know about programming.

So what's the moral here? Read Code Complete and forget about people who know nothing about programming.

Saturday, February 23, 2008

Guitar Hero and Actual Guitar Playing

Somehow this post managed to stay in my drafts for two months waiting for me to finish it, so here it goes.

(If you don't know what Guitar Hero is, it probably means that you just woke up from the dead. So first of all, take a shower because you stink, and then check out Wikipedia).

Some time ago I saw a comic strip on the internet making fun of people who play Guitar Hero, saying that maybe they are able to finish the game on "Expert" difficulty, but they don't even know how to hold a real guitar and play a basic chord.

This made me laugh, mostly because it's true, but then it made me think about it in another way - is Guitar Hero related to real guitar playing at all?

To figure it out I came up with the following questions:
  • Will expert Guitar Hero players learn how to play guitar faster than non-Guitar Hero players?
  • Will experienced guitar players or expert musicians learn the Guitar Hero skills faster than others?
No doubt research needs to be conducted to resolve these questions, but I'll try to make some assumptions.

Here are some milestones I think need to be achieved in order to gain experience in the game. They are mostly based on my own experience and on watching new players move from easy difficulty to hard (I've seen about 5-10 of them).

  • Pressing the first three buttons (green, red, yellow) correctly and strumming downward when needed.
  • Pressing more than one button simultaneously.
  • Dealing with the fourth (blue) button correctly.
  • Starting to connect with the song's rhythm.
  • Using all the five buttons (mostly the fifth, orange button). This implicitly means learning how to move the hand across the "guitar's" neck without looking.
  • Beginning to play a song more by listening to it than looking at every single note.
  • Strumming upward in addition to the downward strumming.
  • Getting used to hard solos.
  • "Parse" a screen full of notes by looking at the large picture, rather than looking at each note.
  • Using the hammer-on / pull-off technique.
  • Quick finger positioning, mostly for 3-string chords (Guitar Hero III).

So basically the important techniques that are being practiced are:
  • Finger positioning.
  • Note reading / parsing.
  • Rhythm processing.
  • Strumming.

Leaving the note reading alone (let's face it – they are not even close to tabs), I think that most of the techniques here are crucial for fair guitar playing. Also I must say about myself that after wasting some time with Guitar Hero and reaching expert difficulty, I really did notice an improvement in my real guitar playing, mostly in dealing with song rhythms.

So I think that the answer to the first question is yes.

The answer to the second question is much more obvious after the analysis has been done – it's quite clear that experienced players will stumble upon smaller obstacles than newbies; the things they need to learn are more or less how to handle the fake guitar and how to read the notes quickly. I'm basing that on my flatmate Ami, who is quite an experienced piano player. He finished a song on "Expert" level on his first play ever, and is still the best Guitar Hero player I've ever seen in real life.

Bottom line: not all the games we play are useless: in some we learn about vicious weapons and the most efficient way to kill a monster, in some we learn how to wear a dog or manipulate George Washington (sorry for the spoiler), and in some we learn how to play a real guitar.

Happy gaming!

Saturday, February 9, 2008

iPhone Accessories and Cargo Tracking

After purchasing my iPhone and before unlocking it, I used to hang out with three different devices: iPhone (for accessing wifi networks and just being cool), cellphone and an iPod.

The main goal was to get down to only one piece of equipment - the iPhone, so first I needed to get my iPod out of the picture.

As you may know, the iPhone usually comes with 8GB of flash memory (a 16GB model was released last week), so it also acts as an iPod. The thing that prevented me from using it as one was the earbuds that come with it. I don't like earbuds, because I got used to in-ear phones after using 2 different models (Apple in-ear phones and a Pioneer model I bought after my Apple ones got damaged by my stupidity and water). Moreover, I didn't like the sound quality of the earbuds that came with the iPhone, because they have a weak mid and, more importantly, bass response.

My Pioneer phones that I used with the iPod cannot be connected to the iPhone because the mini-plug connector now includes a microphone (it's longer than 9mm), so I decided to search for mid- to high-end in-ear phones for my new-precious iPhone.

After digging a bit I found these V-Moda Vibe Duo in-ear phones and decided to order them. Needless to say, I've already purchased some stuff over the net, and by paying only $5 for regular UPS shipping I thought I'd get the package in 2-3 weeks, during which I'd be left in the dark, just sitting there waiting for the package to arrive (not really).

Two hours after making the deal, I got a mail from V-Moda providing a link to a tracking page that gives information about my package.

Immediately, the following pseudo-algorithm went into action:

  • Wait 5 minutes.
  • Refresh the page.
  • If new details about the package have been added: go to your flatmates and update them beatifically about the progress; otherwise: complain like an old grandma about the lack of information.
  • Repeat the process until someone from UPS calls and tells you that your package is at the door.

The funny thing is that the whole situation is explained perfectly in this xkcd strip, and that I laughed at Segal a month ago while he anticipated a package doing exactly the same :)

So the package arrived in 3 days (!!!), after passing through Germany and Turkey, and I was very happy.

A nice look at the irrational ratio between the headphones and the package itself:

P.S. 1 - for the interested readers (if you got this far) who want the details, here is how it looks:

P.S. 2 - Props to Geohot for unlocking the 1.1.2/1.1.3 OTB iPhones, which allowed me to get rid of my Nokia 6230i too.

Friday, January 25, 2008

Short Term Memory?

Saturday, January 19, 2008

Does XKCD Involve a Conspiracy?

First of all, for those of you who are not familiar with XKCD - check it out.

It's a pretty famous geek web comic, which got headlines in the past week because it changed a Google search string's results from two to a few thousand (Slashdot story here).

Anyhow, in the couple of months we've been living in the apartment here in Jerusalem, we've noticed this webcomic getting closer and closer to our reality here (and leave the Guitar Hero strips alone! :)).

So there are two options:
  1. Someone is spying on us.
  2. Our life is duplicated somewhere else on the other side of the planet.


Wednesday, January 9, 2008

Windows XP Performance Tweaks

In the last few weeks, I've been playing with my memory management settings in Windows to enhance performance. After all, nobody wants to wait for his computer to finish doing something.

It all began when I purchased another 1GB of RAM for my computer. After installing it, I happily thought I would be able to get rid of the page file (I've heard of some people doing it). The reasons are quite obvious - a data transfer rate of ~1GB/sec (RAM) instead of ~50MB/sec (HDD) when paging memory.

After removing the page file I was quite happy, or shall I say Windows was happy, until I started running memory-consuming applications like Guitar Pro 5, which loads all of its RSE (Real Sound Engine) samples into RAM. Windows then became pretty sick and told me it was increasing the page file size (of course it couldn't, because I had disabled the page file).

So I gave up and set up a 2GB page file, but still felt some tasks were too slow for an AMD dual-core 3800+ with that amount of RAM.

Then I started looking for Windows performance tips, most of which I knew from my past occupation as a sysadmin, like setting the classic Windows theme, disabling visual effects, shutting down the indexing service and more.

Some tips, however, were not known to me and even surprised me a bit.

For example, dealing with the file last-access timestamp. When Windows accesses a file for reading or writing it updates a value in the file system known as the last access time. This means that your HD is busy writing data to itself even when it only reads files!

All of this is pretty well known and trivial, but the less trivial thing is that you can disable this useless option (no application that I know of uses this field anyway) from the command prompt using fsutil:

fsutil behavior set disablelastaccess 1

After setting this flag I noticed that Explorer runs much faster, especially when loading and displaying a new directory listing. One caveat: the last-access time is one of the NTFS timestamps that forensic timeline tools rely on, so turning it off trades a little disk I/O for a lost source of evidence if you ever need to investigate the machine; Windows Vista and later already ship with this setting disabled by default.

A few more tips can be found here (check out tips 4, 5 and 6):

And also here:

Saturday, January 5, 2008

Suggestion for a new Facebook API function

After I got a message from a 16-year-old girl (does she know how to write?), I thought about a new function that Facebook applications should use:

def is_legit(my_age, flirting_girl_age):
    # The "half your age plus seven" rule: the other party must be at least that old.
    if my_age / 2 + 7 > flirting_girl_age:
        print("What the hell were you thinking!")
        return False
    print("All is good, you can go now!")
    return True

Thursday, January 3, 2008

A Degree of Inner Turbulence

(Outro of) Lady Macbeth / Serotonin Blues

"Things have changed, people changed.
Feels like there's so much a weight on every word.
Conversations are heavy, too heavy.
We're trying so hard, for so long and it just exhausts me. Terrified.
There's a line that keeps repeating in my head over and over again:
why does this doesn't change?"

The past two weeks made me think about things I had never delved into before. Neither the reasons nor the triggers can be explained, but I think it's some kind of depression involving the weather, the strike at the university and just a lot of different stuff that happened to me or to friends of mine and shook me so much.

A lot of questions have been raised - not all of them were resolved. Not all of them CAN be resolved, in a reasonable time frame at least.

The only thing I can say is that it's so strange how things are so much entwined with one another; sometimes so entwined it makes me wonder if there's an entity that arranges all these things to happen together - maybe for us to learn more about ourselves, maybe for its own sick humour.

But the thing I've noticed most is that everything is balanced - you can't win it all and you can't lose it all. So we all need to see our cup as half full and help friends when they see theirs as half empty. That's the true meaning of life.