Protect That Stuff My Friends

Got a smartphone?  Got a computer at home?  Got something sensitive on there you don’t want falling into the wrong hands should you lose a laptop?

I’ve had a lot of luck encrypting data.  So far, no major issues.  Here’s what I’ve used; if you have something I should look at, I’d love to hear about it.

Oh and any of these can work for you at home or in the office.  If in the office, just have a management plan as you would any other effort.

TrueCrypt

This is one of my favorites.  I used it on a USB drive and it worked great, like Windows Bitlocker To Go.  Lightweight, open source, free and I can secure things on Linux nicely.  I’ve also used it on my Mac at home too.  Definitely worth having a look-see if you’re in the market for something at home or at the office.

Symantec Endpoint Encryption

Another very easy tool, one that has a lot of merit in an office setting.  I’ve run a management server to manage all the endpoints, but they can run as standalone managed clients.  Anyhow, one of the unique features I like is taking advantage of the pre-boot authentication.  That way, users have to authenticate well before Windows loads.  And last I checked, Symantec randomizes the location of encryption keys in memory so that you never know where to look, making it more difficult for preboot attacks.  It also has a nice management tool to allow client token requests, like a help desk for users when they get locked out.

If you enable pre-boot authentication bypass, your drive will still be encrypted, but just make sure you recognize that your OS will still be vulnerable to OS or network based attacks.

I’ve personally encrypted a drive with this product, then booted into Ubuntu (or maybe I was using Backtrack at the time, can’t recall), and tried to look at the data on the disk.  Couldn’t do it, encryption worked like a charm.

Bitlocker

I’ve also used this tool quite a bit.  Windows operating systems are encountered quite a bit.  No surprise there.  But if you want something easy to use and built into Windows, take a look at it.  I’ve only encountered a few weird issues.  One example I recall is having some Windows updates come through as they normally do.  Then, upon a reboot, Bitlocker asked me for a 48 character passkey (you save that somewhere, say a USB drive, once you enable Bitlocker on a drive) since some changes were made to the system.  I’d expect that if I made changes to the BIOS or something else substantial.  But hey, I don’t know what that update did under the covers, just a regular Windows update.  So I either have to type in that passkey or I can insert my master USB drive and boot to it.  Just keep the master USB key in a safe place or you’ll be hosed.

Also, in practice, I’ve noticed that once booted into Windows, I have to disable and then enable Bitlocker again to get it to quit asking me for the passkey.  Those instances have been rare, but I wanted to share them nonetheless.  I’ve used this on many, many laptops for a couple of years now and it’s been good to me.

Built-in iOS

One more thing.  If you have a smartphone, turn on encryption!  It’ll be in the settings somewhere, just look for it.  Use a password too – no good to turn on encryption if you don’t have a password protecting your phone.  If you have an iPhone like I do, just check out the link above.

I’ve hacked my previous iPhone (OS < 4, I think it was).  It’s much improved and doesn’t have the same vulnerability.  At the time, I believe I used the iPhoneBrowser tool and reset the password using the internal database.  Can’t really recall, it’s been a while, but I do remember that being fixed quickly by Apple.  But the point is encrypt it so that’s not an issue.

That’s it.  I just wanted to pass along some tools I’ve used in practice and had good luck with…let me know if you have any comments!


HTML5 Facelift

This past weekend, I thought I developed a new allergy.  It’s not pollen, I already have that allergy.  I thought I had developed an allergy to Internet Explorer.

Here’s what I did to SitterSat.com over the weekend.  I overhauled it in an effort to make it HTML5 compliant.  I want to do a bunch of cool graphic stuff like add a million stars to the page.  Well, no not really, although that is really cool.  Great use of Three.js.  No, instead I bootstrapped it.  Github to the rescue!

The reason I thought I had a new allergy to IE is because when something didn’t work in IE I used to be able to find all kinds of work-arounds to get everything to work fine in that browser.  Things that worked well in Chrome without workarounds.  But it called for all this nasty little code I had to maintain.  This time however, I just grew tired of it.  I’d rather not have all that nasty little code.  So for now I put a disclaimer at the footer of the page for IE users saying something like “This site works fine in IE, but looks better in Firefox and best in Chrome or Safari.”  Fortunately, for us, only 7% of our user base visits us with IE.  Oh yes and I figure very little to none of that 7% is using IE 10 with Windows 8 which actually seems to work fine from my own testing.

So here’s where I think we’ll end up!  Everything should work just fine in these cases:

Safari (41% of user base) – will work just fine

Chrome (46% of user base) – will work just fine

Firefox (4% of user base) – will work just fine in >v17

Opera (0% of user base) – will work just fine in >v12

IE (7% of user base) – will work just fine in >v10

A couple of pain points

Placeholder text

This is a small thing, but placeholder text doesn’t seem to work in IE (< v10).  That’s the nice little text you get inside a textbox to help you remember what input is supposed to go in that box.  The placeholder text eliminates unnecessary labels elsewhere and frees up valuable real estate, plus it just looks nice and cool.

CSS3

Gradients, transitions and animations aren’t doing so well in IE (< v10).  We’ll just have to look at a non-moving red box.  To accommodate, I’ve added in some text above the box, “Fetching…” which in hindsight is valuable anyhow.  You wouldn’t know what that progress bar is for if I didn’t say so, so I’m glad that’s in there.

For an example of what I’m talking about, go to SitterSat.com and look at the page while the latest 2 blog posts load on the right hand side.  If you look very quickly (because it may load really fast), you should see something like this bar below (but animating, like an old barber’s pole).  That is, unless you’re using an older version of IE (< v10):

[Image: striped loading progress bar]

I put this progress bar in to let you know some fetching was taking place.  I changed the way I’m loading those latest 2 blog posts.  Previously, I was loading the posts synchronously which was a real drag, literally, the page wouldn’t fully load until that processing was complete.  Yuck.  Now, I’m asynchronously loading from another domain (sittersatblog.com) using a jquery ajax call.  Partial Yippee.  In Chrome, looks great, very nice, in IE (< v10), not so good, just a red bar.  I will look into caching it, there’s no need to go get that so often.  That’ll be Full Yippee.  Why we have a separate domain for the blog is another discussion entirely.

Now onto the good stuff

So now that’s out of the way.  Let’s move onto what I love about this effort.  It’s certainly not banging away at a keyboard all weekend.  I should mention that all weekend is a bit of an exaggeration, I started Saturday morning and finished up Sunday evening around 9 p.m.  And that incorporates the fact that I tinker and tinker and tinker and tinker with the smaller details until I’m happy with it.  That slows me down quite a bit.  During that time, we got a Christmas tree, put up decorations, played with the kids and intervened on a few seemingly pointless kid arguments.  My point is that this mini project was secondary and can be done here and there without too much fuss.  Of course, as I type this I can’t help but reflect on the fact that I have an ever patient wife.

What I love about the bootstrapping process was the clean transition to HTML5 compliancy.  Plus, I got some insight into the geniuses that created all this stuff.  How generous for them to have created it all for public consumption!

Here’s the path I took to get there:

1. Go out and git yourself a good zipball of fun, from github or another source.  I actually ended up using a custom download from Initializr that includes Modernizr.  Inside it will look something like this, as you’ll notice very straightforward:

Bootstrap zipball

– css

– img (glyphicons halflings – they’ve worked out a special arrangement with github so you get these for free)

– js

2. Update your files to HTML5 compliancy (<!DOCTYPE html> and stuff like that).  You can do all this manually, but you can also start with some of Bootstrap’s barebones HTML5 compliant templates and just plug in the dynamic stuff.  I didn’t use a template, but I did take some elements out of the templates, some for use, some for study, like the hero template, navbar (loved the collapsing menu), narrow marketing container and nice large carousel jumbotron.

That’s it.  Oh yes, I love the doctype declaration by the way.  The pre-HTML5 way has always annoyed me.  You’ll probably like the other small changes like meta, stylesheet and javascript declaration changes for the same reason.

Oprah’s Scott’s favorite thing

Best of all, my most favorite thing?  Without question, the responsive 12 grid layout available with bootstrap.  I love it.  It’s not for everyone, but nothing is.  For me, it provides flexibility with ease of use and most of all speed.  I can quit messing around with the basic layout so much, everything is right there in div and CSS, everything I need to move fast.  And it works great for tablets and smartphones.

Previously, I had a couple of inserts of some nasty code, something where I look at the user’s useragent to determine if they are using something other than a desktop browser.  If they were, I changed the look and feel.  While it worked, I never really liked the way it looked on smartphones and tablets.  Not only was the formatting slightly askew, I had removed some things from the view.  All this time I had previously spent on making it look good while botching up the code.  It wasn’t that bad, I make it sound worse than it was, but still I just didn’t like it that much.  I wanted something responsive, something where the stylesheets would more appropriately determine where things land and how they look on the page for various screen sizes.  And I wanted my code to be cleaner!  That’s as it should be after all.  It is more so now than ever and I’m happy.

So now that the basic HTML5 implementation is in place, I can focus on replacing some more of my other homegrown code with standard goodies from bootstrap and jquery.  All while trying to implement new and relevant HTML5 specific features.  I just need to think about what those features would be!

Scribd Robot Fruit Hunt Game

October is going to shape up to be a weird month if this is any indication.  Yesterday, 10/1, I stumbled across an eBook I wanted to check out, and so I went to Scribd (really awesome and large online library).  Somehow I came across this hilarious and terrifically simple bot game.

I didn’t have much time last night (about 45 minutes…worked all day, worked out until 6:30, dinner/kids, excuses, excuses)…but I was intrigued and wanted to see if I could get a relatively unintelligent robot working real quick.  I think this game has been out there a while, but it was still on github and looked fun.

First things first, go git it (2 minutes, if that – gotta log in!):

git clone https://github.com/scribd/robot-fruit-hunt.git

This is probably more JavaScript (33 minutes) than I’ve ever written before. Here’s the gist of it: I grab the piece of fruit I’m standing on if it’s worth taking. Otherwise, I ignore it and fan out looking for other relevant fruit (function goGetRelevantFruitAroundMe(board)).

   // Declare locals so they don't leak into the global scope
   var typeOfFruit, howManyOfFruit, howManyOfFruitOpponentHas, howManyOfFruitIHave;

   trace("Looking for fruit at my position: " + get_my_x() + "," + get_my_y());
   if (board[get_my_x()][get_my_y()] > 0) {
      typeOfFruit = board[get_my_x()][get_my_y()];
      howManyOfFruit = get_total_item_count(typeOfFruit);
      howManyOfFruitOpponentHas = get_opponent_item_count(typeOfFruit);
      howManyOfFruitIHave = get_my_item_count(typeOfFruit);
      // Take it only while neither bot holds more than half of this category
      if ((howManyOfFruitOpponentHas <= (howManyOfFruit / 2)) && (howManyOfFruitIHave <= (howManyOfFruit / 2))) {
         trace("Found fruit at my position worth taking");
         return TAKE;
      } else {
         trace("Found fruit at my position, but ignoring, already lost category " + typeOfFruit);
      }
   } else {
      trace("Didn't find anything at my position, will look immediately around me.");
   }

   // Where's the nearest fruit worth taking (will ignore losing categories)
   return goGetRelevantFruitAroundMe(board);
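The fan-out step itself is not shown in the post, so here is one way it could work, as an added example rather than the author's goGetRelevantFruitAroundMe. The counts object, the string move names and the idea that y grows toward the south are assumptions standing in for the game's own API.

```javascript
// Added example. Assumptions: board[x][y] is 0 for empty or a fruit type > 0,
// y grows toward the south, and move names are strings to map onto the game's constants.

// Same rule as the post's snippet: a category is worth chasing while neither
// player holds more than half of it.
function isWorthTaking(type, counts) {
  var half = counts.total[type] / 2;
  return counts.opponent[type] <= half && counts.mine[type] <= half;
}

// Scan the board and return the closest cell (Manhattan distance, one square
// per turn in four directions) whose category is still undecided.
// Returns null when nothing left on the board is worth chasing.
function nearestRelevantFruit(board, myX, myY, counts) {
  var best = null;
  for (var x = 0; x < board.length; x++) {
    for (var y = 0; y < board[x].length; y++) {
      var type = board[x][y];
      if (type <= 0 || !isWorthTaking(type, counts)) continue;
      var dist = Math.abs(x - myX) + Math.abs(y - myY);
      if (best === null || dist < best.dist) {
        best = { x: x, y: y, type: type, dist: dist };
      }
    }
  }
  return best;
}

// Turn the chosen target into a single move for this turn.
function chooseMove(board, myX, myY, counts) {
  var target = nearestRelevantFruit(board, myX, myY, counts);
  if (target === null) return "PASS";
  if (target.dist === 0) return "TAKE";
  if (target.x > myX) return "EAST";
  if (target.x < myX) return "WEST";
  return target.y > myY ? "SOUTH" : "NORTH";
}

// Constructed sample: 3x3 board where type 1 is already lost to the opponent.
var sampleBoard = [[0, 1, 0], [0, 0, 0], [0, 0, 2]];
var sampleCounts = {
  total:    { 1: 3, 2: 1 },
  opponent: { 1: 2, 2: 0 },
  mine:     { 1: 0, 2: 0 }
};
console.log(chooseMove(sampleBoard, 0, 0, sampleCounts));
```

The bot walks past the adjacent type 1 fruit because that category is already lost and heads for the type 2 fruit in the far corner instead.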

I can imagine how much you could learn by looking at other things (all doing this under 10 seconds of course):

– keeping track of where your opponent has gone and what they have eaten
– probabilities of each square, likelihood it will do you any good to go after it
– where you started on board and what is most densely populated quadrant in your favor to go after
– picking up nearby categories that can win or halve before opponent does

All kinds of game theory and what not here I’m sure.  But I went ahead and uploaded the bot after adding in some tracing (10 minutes).

Ideally, I’d get more time to come back and really write a bang up bot (with some actual intelligence behind it), more than just a bunch of quick if/else blocks.  But I think I’m supposed to be writing an Android app for SitterSat.