Perfect Password Paragraphs

Over the last few months, at least in the streams of information I typically consume, several sources have commented on passwords, their strength and the need for better ones. Directly: the Security Now topic of Password Haystacks, xkcd’s comic and Coding Horror. Indirectly: Scott Hanselman, one and two.

In this post I am putting forward a novel approach which, as an homage to GRC’s Perfect Paper Passwords, I have titled Perfect Password Paragraphs:

When high entropy 16, 32, 64 or even 128 character passwords are just not secure enough!

Let’s jump right in with a sample. Here I’ve mocked up the very familiar Facebook interface with a nice large textbox to put in your Perfect Password Paragraphs™.

Perfect Password Paragraphs facebook log in modified

Disclaimer: if you’ve gotten this far and haven’t begun to appreciate the humour I’m so sorry, please don’t send me hate mail.

Features:

  • A big text area where with probable difficulty you have to type 100+ words to authenticate.
  • Typographical errors are ok as long as they are consistent for you.
  • A flow of sentences following a theme/style just needs to sound like the individual attempting to gain access.
  • “Sound Like”, a trademark (patent indefinitely pending) of Josevski Research Corp, is the flux capacitor grade specialty of this authentication system.

Comparison metrics:

  • Writing style
  • Choice of punctuation, frequency of commas, periods, etc.
  • Grammar choice.
  • Spelling (American vs British English).
  • Consistency of spelling errors.
  • Choice of tense (present, past, and future)

Future Features based on demand:

  • International support.
  • 1337 sp34k.
  • Baby talk.
  • Obscure localised slang.
  • Pig Latin.
  • iOS, Windows Phone 7 and Android Support.

Alpha product coming online in 6-8 weeks 😉

PowerShell Recursive Rename for an SVN directory

On a large repository, I was attempting to rename the SVN tracking folders that are nested at every directory level, I needed to do this because of a difference in the leading character ‘.’ (period) vs ‘_’ (underscore). I know this could have easily been resolved with a new fetch but I wanted to avoid a lengthy download over a VPN connection.

I thought I would just quickly list some PowerShell commands I was playing with to clean up the repository as a blog post.

The closest I got to a solution but with a lot of errors/warnings during the process was:

Get-ChildItem * -Recurse -force | Where-Object { $_.Mode -eq "d--h-" } | Rename-Item -force -newname '_svn'

It seems the -force parameter was required. I’m not sure why it errors but it still works. Further investigation would be around how many times the commands run per directory, possibly too many times. Another avenue for investigation is the -silent parameter but that’s likely only going to obscure any issues.

Just for reference here’s what else I tried, these did not succeed.

Get-Childitem -path . -include .svn -recurse | Rename-Item -newname {$_.name -replace '.svn','_svn'}
Get-Childitem -path . -include .svn -recurse | foreach { Rename-Item .svn _svn }
Get-Childitem -path . -recurse -include '.svn' | foreach { Rename-Item .svn _svn }
Get-Childitem -path . -recurse | rename-item -newname { $_.name -replace '.svn','_svn' }
Get-Childitem -path . -recurse -include .svn | move-item -destination _svn

If you’re a PowerShell expert feel free to correct my possibly misguided attempt at a recursive rename.
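One way to do the rename described above, as an added example rather than code from the original post: it collects every .svn directory before renaming anything, matches the name exactly instead of going through the regex-based -replace operator (where an unescaped '.' matches any character), and supports -WhatIf for a dry run. The function name Rename-SvnAdminDir and its parameters are hypothetical, and PowerShell 3.0 or later is assumed for Rename-Item -LiteralPath.

```powershell
# Added example; Rename-SvnAdminDir and its parameters are hypothetical names.
# Assumes PowerShell 3.0+ (Rename-Item -LiteralPath).
function Rename-SvnAdminDir {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Root    = '.',
        [string]$OldName = '.svn',
        [string]$NewName = '_svn'
    )

    # Enumerate first and hold the complete result in an array, so no rename
    # happens while the recursion is still walking the tree.
    # -Force is needed because the SVN tracking folders are hidden.
    # The name is compared as a plain string, not as a regex.
    $targets = @(Get-ChildItem -LiteralPath $Root -Recurse -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -eq $OldName })

    # Deepest paths first, in case one match sits inside another.
    $targets = $targets | Sort-Object { $_.FullName.Length } -Descending

    foreach ($dir in $targets) {
        $dest = Join-Path $dir.Parent.FullName $NewName

        # Never overwrite or merge into an existing folder.
        if (Test-Path -LiteralPath $dest) {
            Write-Warning "Skipping $($dir.FullName): $dest already exists"
            continue
        }

        # Honours -WhatIf and -Confirm.
        if ($PSCmdlet.ShouldProcess($dir.FullName, "Rename to $NewName")) {
            Rename-Item -LiteralPath $dir.FullName -NewName $NewName -Force
        }
    }
}

# Dry run: lists what would be renamed. Drop -WhatIf to perform the renames.
Rename-SvnAdminDir -Root . -WhatIf
```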

Update 29th Dec 2011
I stumbled upon someone much more clever undertaking a similar rename process. In this case it replaces jQuery text, but the logic serves the same purpose: it goes through and rewrites the content of the files, and that logic can be replaced with the move-item command.

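# Regex to search for (dots escaped so they match literally)
$find = 'jquery-1\.4\.4'
# The replacement text is not a regex, so its dots must not be escaped
$replace = 'jquery-1.5.1'
$match = '*.cshtml' , '*.vbhtml'
# $true only lists the matches; set to $false to rewrite the files
$preview = $true

foreach ($sc in dir -recurse -include $match | where { test-path $_.fullname -pathtype leaf} ) {
    select-string -path $sc -pattern $find
    if (!$preview) {
       (get-content $sc) | foreach-object { $_ -replace $find, $replace } | set-content $sc
    }
}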

SoSlow Data Import for StackOverflow Data-Dump

Just a quick update post in my ongoing series of posts on using PLINQ on the Stack Overflow data-dump.

In my initial post, where I outlined the core of what I was doing, the popular (and quickly found) option at the time was to use a series of stored procedures made available by Brent Ozar to import the XML data into a SQL database.

XML into DB

Brent recently replied on the original post, tipping me off to an easier, more convenient way to get the data into SQL.

… There’s an even faster way to import the XML files now using Sam’s SoSlow.exe tool. You give it a connection string (including the database name) and it’ll create the tables and import the data. Just FYI – it doesn’t warn you, but it does delete and recreate the import tables every time. It’s dramatically faster too.

I’m all for an “easier” and “better” approach, so I gave it a try.

The first step was to get a copy from Sam Saffron’s GitHub repository:

http://github.com/SamSaffron/So-Slow/downloads

It is a small C# WinForms application with 3 buttons, so using it is very simple, and it suits the equally simple layout of my PLINQ demo application.

SoSlow Interface

In under 15 minutes all the data was imported (results will vary depending on your machine configuration). This will help keep the data more up to date when the next public release of the data is made available.

StackOverflow DataBase Successfully Created

SDDN October: Silverlight with RIA and using MVVM

I just got home from attending the October Silverlight Designer and Designer Network (SDDN) meeting. It was a trilogy presentation from the Readify guys, Jordan Knight, David Burela and Philip Beadle.

Who respectively presented on:

  • Connecting Silverlight to RIA,
  • Binding data to Bing Maps and
  • A testable Silverlight architecture and development approach walk-through

There was also an announcement for the 2010 Melbourne Silverlight CodeCamp, with registrations now open at SilverlightCodeCamp.com.au. The schedule is still open for volunteers to offer up presentations. It will be run at the new NAB training facilities. The registration site was mentioned with the footnote of “it’s not tested yet”, which at the time of this post seems to be the case: my registration isn’t being processed correctly, or at least there’s no feedback of success.

First up, Jordan ran through the basics of using .NET RIA Services to produce a simple data-bound Silverlight website log-in component. It included demonstrating how to use attributes to decorate the RIA based entities to assist with validation that can be shared server side and client side. The benefit is that a visually well designed Silverlight application can rely on robust validation logic, and make use of it through field level bindings to easily display validation feedback to the user.

Next up was a quick presentation from David showing us data binding capabilities of data collections to Bing Maps, to produce overlays and interactive features on a map view. He should be posting the material up soon on his blog, including some code snippets that will make achieving what he demonstrated quick and easy.

The final presentation, from Phil, was nicely presented using Prezi.com and was all about putting together a collection of tools and concepts to develop a robust and testable Silverlight based application. It focused on using the Model-View-ViewModel (MVVM) architecture/design pattern. It included examples of regular unit tests, automated UI tests and integration tests, making use of an Inversion of Control (IoC) framework called Unity (a Microsoft Application Block up on CodePlex) and the Visual Studio 2008 Test Edition. There’s a bit of a discussion going on at StackOverflow about Unity.

Some key things that Phil pointed out to stay up to date with Silverlight and of course to assist with building more testable Silverlight applications include:

All up, a good round of presentations.

Woo Hoo – 3D Video Effects in PowerPoint 2010

Full disclosure: This is way off topic for my blog and I just wanted an excuse to embed a Simpsons episode in a PowerPoint presentation.

This was inspired by this post on the PowerPoint MSDN Blog and its associated YouTube video, demonstrating the ability of PowerPoint 2010 to use DirectX and hardware support for its rendering engine. Great effects can be achieved smoothly. Like a lot of us (most unwilling to admit), I’m impressed by the reflection of a video as it plays.

Slide Show Preview

Setting up the 3D Rotation Effects was also easy:

Format Video

Same goes for the Reflection effect:

Format Video Reflection

Enjoy:

Reflection Overflow

Saving this pptx file showed me that the video file is in fact embedded, so it’ll make moving the pptx file easy (so long as it doesn’t need to be emailed).

File Size

Once a video is added you can make use of it on several slides, and use the ‘Trim Video‘ feature to select a section of it for each slide.

Trim Video

2 Slides each with a segment of the video:

Reusing Video

The presentation file alongside the video that was embedded: there is only 1 copy of the video in the pptx file.

File Size of Multiple Video Copies

Using SketchFlow First Impressions

I’m kicking off a new personal project, and I thought this would be a good opportunity to plan out its flow of operation using SketchFlow (get a 60 day trial of Expression Blend 3 here). I intend to develop the application in ASP.NET MVC, not Silverlight. So what I will be outputting from Blend will only be used to refine the UI and get initial feedback from colleagues and friends.

The power of SketchFlow is to create quick informal sketches of screens and to start mocking up interaction through animation (transitions, visual effects). It’s not designed to create final polished artifacts; existing tools such as Adobe PhotoShop already do this well. So far it seems to be working well.

So I thought I would summarise some initial tips and issues I’ve already had to deal with in the form of questions (and answers).

What if controls in design mode aren’t behaving as you expect?
This was a simple issue: I had forgotten I had placed a transparent rectangle (factor 20%) over a few groups of controls. Once I adjusted their z-order using Order.. send backwards/forwards, it was working fine. I chalk this up to it having been a while since I used a tool like this. When controls overlap, you can select controls behind them but not perform all the actions you would like via mouse actions, i.e. resizing is blocked. So either un-overlap them to resize, or use the property windows.

How do you set the default screen size in SketchFlow?
The screens I’m sketching are for a website, I wanted to sketch them down the page so needed a larger Y pixel range. I wanted to adjust the default size of new screens so I wouldn’t have to manually change each new screen. I was unable to find a setting that is per project, only an application wide setting via menu: Tools… Options…

Setting the Default Screen Size in SketchFlow

For my use I would have liked to see new screens spawning off an existing screen set to match its height and width, though a feature like that may upset users who want default setup screens every time.

How do you create reusable components in SketchFlow?
The approach I’m using is to create “Component Screens” that can then easily be dragged onto other screens. I’m doing this initially for my heading/navigation. But instead I’ll demo creating a reusable login component (the steps are identical).

Create the components on any screen (new or existing), and select them individually via the “Objects and Timeline” window or on the screen itself (on a new blank screen, CTRL+A works the fastest).

Objects and Timelines window

Then right click on the collection either on the screen or in the “Objects and Timeline” window and select “Make Into Component Screen…”

SketchFlow right click action - make into component screen

That brings up a dialog, so just give your component a name:

Make Into Component Screen Dialog

Now you have a new “green object” on your SketchFlow Map, you can simply drag it onto other existing screens, or use the little drop down menu below it to select “Insert a Component Screen” which will add it to the existing screen you drag it to.

SketchFlow Map Insert a Component Screen

Am I enjoying using SketchFlow… Will I keep using it… Will I keep blogging about this…

Yes

Visual Studio Team Test 2010 – Vic.NET Session

Last night I attended the August Victoria.NET user group meeting. It was a good session and its timing was a great marker to wrap up my pseudo-holiday and get me blogging again.

The first topic was Visual Studio Team Test 2010, presented by Anthony Borton as a preview of his Aus Tech.Ed 2009 presentation; see Anthony’s blog post.

The second topic was to be Team System Database Edition in Visual Studio 2010 but was called off after the presenter had their flight delayed out of Adelaide.

Back to Team Test 2010, which has some great features, in particular features that help reproduce issues (bugs) raised by testers. The most impressive was the ability to easily record tests, parameterise them and repeat them. An example is to launch your application executable, perform a few steps and, using a simple control selection tool, select a control (i.e. textbox) and use that in the test’s Assert action. In conjunction with the macro recording ability to generate automated user interface tests, when a test fails all the environment details are easily submitted as part of the bug report: operating system version, current memory usage, event log dump, screen shot, extra description fields, and a video recording of the test machine’s screen. Yes, a video recording, to catch the actions of the tester who isn’t sure what exactly they did.

The next impressive feature was its virtualisation integration (“Lab Management”), which assists in managing both the environments and the snapshotting of state for a given test. This makes it possible to go back a significant duration in time to re-create an issue (conditional on the snapshot retention policy).

In summary, Team Test 2010 has some very nice features that greatly assist with recreating issues, reusing tests and reporting bugs.

Additional notes I took away from the presentation:

  • There are some 64-bit issues with the 2010 betas, in particular when making use of MCE for video recording.
  • The potential for SP1 of 2010 to include integration with Microsoft Expression Encoder to resolve and improve issues with MCE.
  • Take another look at the “Architecture” edition of Visual Studio 2010, as it has had major overhauls to its feeble 2008 feature set.

There was also a give-away of a copy of Visual Studio 2008 and a 12 month MSDN subscription, going to a winner who attended a Queensland user group meeting; congratulations to him.

The next meeting hasn’t been scheduled yet but stay tuned to the victoriadotnet site.