Google+ Feed
- September 21st, 2011
I just added my google + feed on the right. I don’t post here that often but my twitter and google+ accounts have plenty of updates.
I played my first soccer game here in OKC last night. It was a little different from Wichita Falls: instead of a big open field with barely any grass in freezing weather, I got to play in a nice warm indoor facility with brand new turf called Hat Trick. Indoor is a much faster-paced game, and boy did I feel it this morning. We also had a great game. We came back from a 6-3 deficit with just a few minutes left to play and won 7-6 with a goal in the last second. I’m looking forward to the next game.
ArEncrypt just got infinitely more useful, which isn’t saying a lot since it didn’t do much to begin with.
http://github.com/KellyMahan/ArEncrypt
The update adds support for ActiveRecord searches on encrypted data and comparisons against encrypted values. Before, it did only one thing: encrypt a value for the database. Comparisons and searches had to be done by hand. Now they are just as easy to use as regular ActiveRecord queries.
For those who haven’t heard, there is a new Firefox extension called Firesheep that turns what was once a complicated bit of hacking into something anyone can do. It is essentially a packet sniffer with a built-in cookie-hijacking mechanism: it watches the unencrypted HTTP traffic on the local network (an open Wi-Fi hotspot, say), picks out the session cookies that many sites send in the clear after you log in, and lets you take over those logged-in sessions with a click. The weakness has been known about for quite some time, but no one bothered to fix it because of the knowledge required and the difficulty of capturing and replaying the hijacked cookies.
A simple, but costly, solution is for all providers to switch to SSL for every request. This has its own problems. Unless both server and browser support the SNI extension (which lets one IP serve certificates for many hostnames, but which a good share of browsers in 2010, notably IE on Windows XP, still lacked), each SSL site must reside on a unique IP and port combination. Since 443 is the standard SSL port, that means each site really has to have its own IP. That just won’t happen for most sites. A lot of hosting providers use just one IP to host thousands of domains, and only give a site a unique IP when it requires SSL.
Another solution is SSH proxying. This is what I do when I’m on an untrusted network. Not everyone can do this, though: it requires a bit of knowledge and a server on the internet that you have SSH access to. The idea is that ssh -D opens a SOCKS proxy on your own machine, the browser is pointed at that proxy, and every request travels inside the encrypted SSH connection to your server before going out to the web, so the cookies never cross the local network in the clear. One thing to check is that DNS lookups go through the tunnel as well (in Firefox, set network.proxy.socks_remote_dns to true); otherwise the names of the sites you visit still leak to whoever is sniffing. To make it really easy to switch back and forth I wrote a bash script for the Mac. First I set up a new network location called “Untrusted” with a SOCKS proxy enabled on localhost port 8887. Below is the bash script.
#!/bin/bash
# Toggles an SSH SOCKS proxy on local port 8887 and switches the Mac
# network location between "Untrusted" (proxy on) and "Automatic".
# Usage: proxy.sh      toggle the tunnel on or off
#        proxy.sh -s   show whether the tunnel is running
PIDFILE=~/.proxy.pid
REMOTE="user@host"   # change to your own SSH user and server

# True only if the pid file exists AND that process is still alive,
# so a pid file left behind by a dead tunnel does not fool us.
running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

if [ "$1" = "-s" ]
then
    if running
    then
        echo "SSH Proxy Tunnel appears to be running!"
    else
        echo "SSH Proxy Tunnel appears to be off!"
    fi
else
    if running
    then
        PROXYPID=$(cat "$PIDFILE")
        kill "$PROXYPID"
        echo "Killed SSH Proxy Tunnel!: $PROXYPID"
        scselect "Automatic"
        rm -f "$PIDFILE"
    else
        rm -f "$PIDFILE"   # clear any stale pid file
        # -N: no remote command, -C: compress, -D: local SOCKS listener
        ssh -NCD 8887 "$REMOTE" &
        PROXYPID=$!
        echo "$PROXYPID" > "$PIDFILE"
        scselect "Untrusted"
        echo "SSH Proxy Tunnel Started!: $PROXYPID"
    fi
fi
Just be sure to change your user and host in the file before saving.
I think that the only real solution would require a change to how browsers and servers work. For example:
Instead of encrypting the whole connection, maybe just encrypt the information in the cookies. If the cookies don’t decrypt properly, then clear the session. Yes, people can still grab the encrypted cookie and send it along, so make it time sensitive. When a user logs in they provide a username and password. Both the server and the user’s browser could use these to create an encryption key. The browser and server would also exchange timestamps. Whenever a cookie is presented to the server, it would also have to send a timestamp encrypted with the key that was created when logging in. The server could then decrypt the timestamp and compare it to its clock. If it differs by more than a set amount, the cookie is thrown out. This could cause some issues for people with really high-latency connections, so maybe let the browser set the timeout at login. This way the user can choose how secure they want their connection to be, allowing for those with high latency.
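As an added example (not code from the original post, and not from any project linked here), here is a plain-Ruby sketch of the scheme just described, with two substitutions stated plainly: an HMAC stands in for "encrypting the timestamp", since all the server needs is proof that the timestamp came from whoever holds the login key, and the key is derived from the password with PBKDF2 plus a salt chosen at login so the server never has to store the password itself. The session id, iteration count and skew window are made up for the example.

```ruby
require 'openssl'

# Added example, not code from the original post: a time-bound session
# cookie in the spirit of the scheme above. An HMAC replaces "encrypting
# the timestamp", and the key is derived from the password with PBKDF2
# plus a salt chosen at login.
module TimeBoundCookie
  ITERATIONS = 10_000 # assumed PBKDF2 cost for the example

  # Both browser and server derive the same key from the login credentials.
  def self.derive_key(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('sha256'))
  end

  # Browser side: each request carries the session id, the current time and
  # a MAC over both, computed with the login key.
  def self.build(key, session_id, now)
    ts = now.to_i
    tag = OpenSSL::HMAC.hexdigest('sha256', key, "#{session_id}|#{ts}")
    "#{session_id}|#{ts}|#{tag}"
  end

  # Server side: recompute the MAC, then compare the timestamp with our own
  # clock. max_skew is the window the browser picked at login.
  # Returns :ok, :bad_mac or :stale.
  def self.verify(key, cookie, now, max_skew)
    session_id, ts, tag = cookie.split('|', 3)
    return :bad_mac if session_id.nil? || ts.nil? || tag.nil?
    expected = OpenSSL::HMAC.hexdigest('sha256', key, "#{session_id}|#{ts}")
    return :bad_mac unless secure_equal?(tag, expected)
    return :stale if (now.to_i - ts.to_i).abs > max_skew
    :ok
  end

  # Constant-time comparison so a sniffer cannot guess the tag byte by byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo: log in, issue a cookie, check it soon after and later.
if __FILE__ == $PROGRAM_NAME
  salt = OpenSSL::Random.random_bytes(16)                 # chosen at login
  key  = TimeBoundCookie.derive_key('hunter2', salt)
  now  = Time.now
  cookie = TimeBoundCookie.build(key, 'sess-42', now)
  puts TimeBoundCookie.verify(key, cookie, now + 5, 30)   # :ok
  puts TimeBoundCookie.verify(key, cookie, now + 90, 30)  # :stale
end
```

One caveat worth stating: within the window the browser chose, a captured cookie still replays, so this narrows the Firesheep window rather than closing it. To close it entirely the MAC would have to cover something unique per request, such as a server-remembered nonce or the request itself.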
I added a new plugin to my repository on github today.
http://github.com/KellyMahan/ArEncrypt
I just kept running into this same issue every time I needed password encryption. And I didn’t know of any other plugins that accomplished the same thing with such simplicity.
Just install the plugin and, in your ActiveRecord class, add
encrypt :encrypted_attribute_name
It’s just that simple. On every before_save the attribute you named will be encrypted. If the value hasn’t changed since the last save, the encryption is skipped.
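Here is an added example of the idea behind encrypt :attribute, written in plain Ruby with an in-memory array standing in for the database table so that it runs without Rails. It is not ArEncrypt’s code. The cipher (AES-256-CBC with an IV derived from the plaintext, so that equal values encrypt identically and a column can be searched by comparing ciphertexts, which is what the searches and comparisons in the update above come down to), the fixed application key and the User model with its ssn column are all assumptions made for the example.

```ruby
require 'openssl'

# Added example, not ArEncrypt's code: a plain-Ruby sketch of the
# `encrypt :attribute` idea, with an in-memory array standing in for the
# database table so it runs without Rails.
module EncryptedAttributes
  # Assumed application key; a real app would load this from config.
  KEY = OpenSSL::Digest::SHA256.digest('example-app-key')

  # Deterministic AES-256-CBC (assumed for the example): the IV is derived
  # from the plaintext with an HMAC, so equal plaintexts give equal
  # ciphertexts and a column can be searched by comparing stored values.
  def self.encrypt_value(plain)
    return '' if plain.empty?
    iv = OpenSSL::HMAC.digest('sha256', KEY, plain)[0, 16]
    cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
    cipher.key = KEY
    cipher.iv = iv
    (iv + cipher.update(plain) + cipher.final).unpack1('H*')
  end

  def self.decrypt_value(hex)
    return '' if hex.empty?
    raw = [hex].pack('H*')
    cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
    cipher.key = KEY
    cipher.iv = raw[0, 16]
    cipher.update(raw[16..-1]) + cipher.final
  end

  module ClassMethods
    # The class-level macro: `encrypt :ssn` marks a column as encrypted.
    def encrypt(*names)
      encrypted_columns.concat(names)
    end

    def encrypted_columns
      @encrypted_columns ||= []
    end

    # Stand-in for the table: one attribute hash per saved row.
    def rows
      @rows ||= []
    end

    # Equality search on an encrypted column: encrypt the probe and compare
    # ciphertexts, exactly as a plain `where(column: value)` would.
    def where_encrypted(column, plain)
      target = EncryptedAttributes.encrypt_value(plain)
      rows.select { |row| row[column] == target }
    end
  end

  def self.included(base)
    base.extend(ClassMethods)
  end

  def initialize(attrs)
    @attrs = attrs.dup
    @saved = {} # what the "database" last saw, used to detect changes
    @persisted = false
  end

  def [](column)
    @attrs[column]
  end

  def []=(column, value)
    @attrs[column] = value
  end

  # The before_save hook: encrypt each declared column, but only when it
  # changed since the last save, so a stored ciphertext is never encrypted
  # a second time.
  def save
    self.class.encrypted_columns.each do |col|
      next if @attrs[col].nil?
      next if @saved.key?(col) && @saved[col] == @attrs[col]
      @attrs[col] = EncryptedAttributes.encrypt_value(@attrs[col])
    end
    @saved = @attrs.dup
    unless @persisted
      self.class.rows << @attrs
      @persisted = true
    end
    self
  end
end

# Constructed model and data for the demo.
class User
  include EncryptedAttributes
  encrypt :ssn
end

alice = User.new(ssn: '123-45-6789').save
alice.save # unchanged, so the encryption step is skipped
puts alice[:ssn]                                     # hex ciphertext
puts EncryptedAttributes.decrypt_value(alice[:ssn])  # 123-45-6789
puts User.where_encrypted(:ssn, '123-45-6789').size  # 1
```

Deterministic encryption is what makes a where against an encrypted column possible, and it is also the trade-off: two rows with the same plaintext are visibly equal in the database. For login passwords in particular, a salted slow hash such as bcrypt, checked by recomputing rather than decrypting, is the usual choice.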
Well it’s been a great 2 years. My little girl is growing up fast. We’ve started potty training in earnest and she is starting to get it a bit. She is still quiet around people she doesn’t know well, but at home she will carry on full conversations with us, and we can understand parts here and there. She picks up on new words very fast now, and will repeat them back to us pretty clearly. She still loves music and dancing, especially the Disney musicians.
If you want to see more you can find pictures here flickr.com/photos/kmahan_com and videos here www.youtube.com/user/kmahancom or you can even visit Ashley’s own website AshleyMahan.com

Nexus One
If you haven’t heard yet, the Google phone is now out. The Nexus One looks like a true iPhone killer. It has a better screen, a faster processor, more memory and, most important of all, it runs Android.
I’ll be saving up for one, but in the meantime you can buy it now through T-Mobile or on Google’s new phone store.
Check it out and let me know if you buy one.
I picked up the Wrox book on Android development from Amazon. I don’t really like Java, but I love the Android phones. Give me some ideas for a good app to develop.
I’ve got a lot more Google Wave invites. Same as before, post a comment about how you found my site and I’ll send you an invite. 15 will go to the first that post, and 15 will go to those that have me as a contact in any other social site (flickr, facebook, twitter, etc..).