
Plausible Deniability in Threema

2017-05-29

 

Threema’s private chat feature is worse than useless and desperately needs plausible deniability. The hidden chat feature must be implemented in a way that allows the user to plausibly deny that a private chat actually exists, up to the point of unlocking the application to “prove” it.

In the current implementation of Threema, the following problems exist:

Problem 1: One Passcode

Threema uses the same passcode to unlock the application user interface and to show private chats. The problem here is that this is only one security token that, once revealed, basically renders the remaining safeguards null.

Problem 2: Show Private Chats Leaks Information

The “Show Private Chats” element divulges the current state of the application. First, this user interface element is only visible when there are private chats. This leaks the information that there is more to get.


How To Get a Stack Trace on Windows

2017-01-09

 

Getting a stack trace from a C++ executable under Windows is not trivial. The key problem is that C++ has no simple stack_trace function, and the Windows API only provides StackWalk, not a handy function like glibc's backtrace.

I will show you how to get a perfect stack trace under Windows for all your logging and debugging needs, like this:


CatLight

2016-04-25

 

I was looking for a simple and good build notification tray icon for Team Foundation Server and I think I just found it: CatLight

CatLight is commercially usable freeware (not open source / free software) of uncertain provenance. The website catlight.io has no clear attribution to a person or company. Also, a whois request only brings up the company WhoisGuard Inc. in Panama. (Suspicious!)

The software is appealing in its simplicity. Its key feature is the tray icon:

If something happens, you get nice toast notifications:

If you want to know what the status of the individual builds is, you can double click the icon and you get the status dashboard:

And that is all there is to the application. Simple and does what it should.

Attribution: The screenshots were taken from the catlight.io website directly and are catlight.io's copyright. (I did this because I can't talk about unreleased software.)


Recursive Descent Parser

2016-04-18

 

Generally I advise people who write parsers to use parser generation tools such as bison and flex. But with small languages it may be advisable to write your own recursive descent parser.

To illustrate how to write a recursive descent parser, I will show you around a parser I wrote a while ago for INI style configuration files. The parser in question is the parser for the cfg library:

Anatomy of a Parser

But before we go into the code, first a little bit of theory.

Parsers are generally split into two parts, the lexical analyser (lexer) and the actual parser. The lexical analyser takes a stream of characters from a file or any other source and converts it into a stream of tokens. These tokens are then consumed by the parser and converted into an abstract syntax tree (AST).

If you were writing a compiler for a programming language, you would now pass the AST to an optimizer and code generator. But when reading simple data, you omit these steps and just generate the data.


Digital Ocean - a Breath of Fresh Air

2016-04-11

 

I recently came across Digital Ocean, when researching wrecker deploy to AWS EC2. I had to try it out and was amazed at how simple and bountiful it is. I have been using the service for an experimental project for about a month now and have not regretted trying it out.

The tl;dr version: Digital Ocean is like AWS EC2, but with a nicer UI and cheaper.


C++11 Switch on String Literals

2016-03-31

 

C++11 has many nifty improvements; one is that you can switch over string literals. Pedantic readers will note that the standard says you can only switch over integral types, and you are right. The following code will not work:

void auth(const std::string& name)
{
    switch (name)
    {
        case "Alice":
            std::cout << "Hello Alice, nice to meet you!" << std::endl;
            break;
        case "Bob":
            std::cout << "Yo Bob, what's up?" << std::endl;
            break;
        case "Charlie":
            throw std::runtime_error("Don't trust Charlie.");
            break;
        default:
            throw std::runtime_error("Who are you?");
            break;

    }
}

But the C++11 standard also brought us the nifty feature of constexpr. This keyword flags a function as being able to be evaluated at compile time. That is, if the compiler can evaluate the call to a constant expression, it will replace the function call with the constant value.

Now take this little hash function from strex:

constexpr 
unsigned int hash(const char* str, int h = 0)
{
    return !str[h] ? 5381 : (hash(str, h+1)*33) ^ str[h];
}

Now with the help of this function we can hash the strings and thus make them integral types:

void auth(const std::string& name)
{
    // hash() takes a const char*, so pass the C string of the runtime value;
    // the case labels are evaluated at compile time.
    switch (hash(name.c_str()))
    {
        case hash("Alice"):
            std::cout << "Hello Alice, nice to meet you!" << std::endl;
            break;
        case hash("Bob"):
            std::cout << "Yo Bob, what's up?" << std::endl;
            break;
        case hash("Charlie"):
            throw std::runtime_error("Don't trust Charlie.");
            break;
        default:
            throw std::runtime_error("Who are you?");
            break;
    }
}

Now, obviously you don't want to use it for authenticating users, like in this stupid little example, but it can come in very handy in cases like parsing input. Keep in mind that distinct strings can hash to the same value, so a case label may match an input other than its literal.

Finally, I want to thank Serhiy for his/her brilliant Stack Overflow answer.


The Theremin & Clara Rockmore

2016-03-09

 

I must say, today's Google doodle blew my mind. Well, not the doodle itself, but what I learned after digging further into the subject. The doodle commemorates Clara Rockmore's 105th birthday. Clara Rockmore is not very remarkable, except for the fact that she was one of the first theremin players, or thereminists, and maybe the most famous of them all.

"But what is the theremin?" you ask, and this is a very good question. A question that captivated me for the better part of this afternoon.


Windows Services with node.js

2016-02-01

 

node.js has become my go-to technology when I need a quick and dirty solution to automating a task. Occasionally these are tasks that run constantly and monitor something to trigger an action. Now, (unfortunately) I work mostly with Windows systems and node does not integrate cleanly into the service architecture. Writing a service wrapper does not sound like too much fun...

But luckily, NSSM exists, with its rather bland website and meek appearance. The Non Sucking Service Manager is a gem when it comes to wrapping programs to act as Windows services.

To get a node instance running, copy nssm.exe, the standalone node.exe and your script with all required dependencies into one folder. Open a command line prompt with administrator rights and execute the following commands:

cd myservicedir
nssm install MyNodeService node.exe myscript.js

That's it! As long as the system is running, so will the script be executed. Obviously you can read all the luscious details about NSSM in the rather good documentation.


OpenGL Transformation Library

2016-01-11

 

Modern variants of OpenGL are awesome and powerful, but when working on small OpenGL demos and test projects the simplicity of OpenGL's immediate mode is unbeatable. Unfortunately since OpenGL 3.0 there is no immediate mode rendering anymore.

When toying around with some effects I decided to write a small library that implements the OpenGL immediate mode transformations. It is written in C and needs nothing more.

You can get the library over at GitHub: https://github.com/rioki/glt


BowTie Review

2015-11-29

 

I was recently asked what I think of BowTie, as a user of jekyll. Now, as my avid readers may know (yes, you two), I don't use jekyll anymore. But generally I like the core concept of static websites, since they are way more efficient. So I took a look around and sized up BowTie.

BowTie is basically a managed jekyll website. They provide git hosting of the site and automatically build and deploy a copy once the changes hit the central repository. This all sounds similar to GitHub Pages, except for commercial use. In addition to these basic features, they have always-on SSL, a payment/paywall, user management, front end templating, analytics and an email service. This to the tune of $5-$82 per month.

BowTie very elegantly solves a problem ...

... that nobody has.
