OpenBayes Fork

Last semester I did a project for one of my classes using the OpenBayes library in Python. It hadn’t been updated in a very long time and was using an antiquated version of numarray. I found a patch that made it possible to use the library with NumPy, but it was just a diff. I applied the diff and was able to complete my project. In order to do my due diligence, I have published the patched code to GitHub. If you are interested in that sort of thing, check it out. I’ve also posted my assignment as an example of the patched library.


Black Hat USA, DEFCON 18 Pre-Event Briefing

On my way to Las Vegas, NV for Black Hat 2010 and DEFCON 18. I barely got on the flight, and that’s with a confirmed reservation. Apparently Delta does this new thing wherein anyone who books late or after 60-70% of the flight is booked doesn’t get a seat assignment. Instead you have to wait for your initials to show up on a TV screen at the gate. I guess it is a lot like the lottery. I was essentially the last person to board, and a nice couple gave me the window seat. I had a few minutes to start this post on my iPad, which was handy.

Thankfully, this year, I will be attending on behalf of my company and better yet, for real business. As an IS LDP, I’ve managed to land a great rotation within the information security department. I’m primarily working on educating developers on how to write secure code, tools they can use, and implementing new process milestones to ensure that everything is coded securely for that specific case.

Unfortunately, a lot of what we need to cover hasn’t been revealed yet: this year’s exploits. Being in attendance for Black Hat and DEFCON is the best way to get informed, meet people who know what we’re up against, and really understand what we’re doing. That said, I had planned on making the trip to Vegas already, as I did last year for DEFCON. Something about the community at the DC events is just amazing. Your concerns, thoughts, and ideas suddenly don’t fall on deaf ears. Why? Because every attendee knows how deep the rabbit hole goes.

I’m very excited about the talks this year. The residential router pwnage is going to be a popular talk I think, as well as the ATM jack potting. I’ve heard there will be a GSM interception demo at one of the talks, which will be hilarious if it works, so I’ll have to remember to stay off my phone during that one. For work, I’ll be attending the web application and coding talks; especially the Blitzableiter release, as we really need information on secure Flash and ActionScript coding.

What else is there? Oh right, the rest of DEFCON… I’m hoping to get into a few parties this year. I don’t drink, and try not to get into related predicaments, but the opportunity cost is far too great to pass up. The people you can meet just by hanging around the smoking area, even if, like me, you don’t smoke, are awesome. Last year I met an ex-Air Force cyber warfare guy, a crazy German with a gambling problem, and a red team teacher and mentor. Okay, that last guy was drunk, but he turned out to be telling the truth and had some very good stories.

The plan for this year? Shed my newbie status and get out there.


famicam – Face Detection, Twitter and You

Updated: We’re on the front page of hackaday! This was a joint effort among the members of the FAMiLab hackerspace. Tetsu and myself have been working on this script for awhile and just recently got the cron job running. We’ll update this post later with additional information. Thanks!

Below is a quick note from Tetsu:

We want to give people an open view into our hackerspace, but when we tried a 24/7 webcam with ustream, it was just invasive and creepy. We aren’t there to put on a show for people. We want them to come out and do stuff with us, but people won’t come out if they don’t know someone’s already at the lab.

As a compromise, we provide people a real view into the lab so they can see if people are there, but it replaces their faces with the cartoon face of Ghost in the Shell’s Laughing Man for anonymity.

Yes, it doesn’t catch every face. Yes, it catches faces that aren’t there. Yes, it’s never going to anonymize clothing, which may be more identifying than the faces. But, the way I see it, at least we’ve established a precedent at the lab that we have to face increased surveillance and increased pressure on normal people to install surveillance systems, so we may need to take extra efforts to establish norms of anonymity while staying up-to-date in tech.

Also, if any of you Hack-A-Day readers want to come by the FAMiLab sometime and are concerned about anonymity, I will personally alter your faces out of every photo before upload!

Over at FAMiLab we have on loan a Sony IPELA SNC-RX550N networked camera. It is a very nice piece of hardware; supports pan, tilt, and zoom via a Java applet and web interface. We’re often wondering if there’s anyone at the lab already, so I rigged up a little proof of concept that takes a snapshot from the camera and runs an OpenCV algorithm against it to count the faces in the photo. It worked pretty well, despite a few false positives, so I went ahead and finished it.

The code is up on my personal GitHub account, and you can snag a copy and play with it. I’m using the Python extensions for OpenCV along with a couple libraries to do the Twitter and Imgur integration. For Twitter I’m just using the python-twitter library; for Imgur I actually forked the code that Devon Meunier wrote for pyimgur and fixed a couple bugs.

Check it out, and let me know what you think. It’s very rough code, so bear with me.




The Mona Lisa in PHP

Recently on Hacker News it has become commonplace to bash PHP. There was an article posted to the site with a title of “At 14, is PHP Finally Growing Up?” which started a slew of flame bait. I took it upon myself to post this morsel of a comment:

I would like to argue the C language argument here. If I want to shoot myself in the foot, the language should let me. If I want to paint the Mona Lisa, the language should let me. PHP does that.

That prompted a few snarky remarks about which resolutions and to what extent PHP could paint the Mona Lisa.

So I did it.

Rails, OAuth and GameTweet

Yesterday I launched a little tool for twitter using Ruby on Rails, Capistrano (with Deprec), and OAuth called GameTweet. This is the first Rails application I’ve deployed since I started playing with the stack a few weeks ago. The idea for GameTweet came one night when I was thinking about the old TD clan website before the site went down. There used to be a feature for anyone who wanted to be text messaged when a game was about to start where a user could put in their phone number and carrier and any member of the site could send out a mass text to those on the list notifying them when they were going to play. Fast forward a few years into the future and we have Twitter, which works with most phones and can notify users when a message is posted.

The idea was simple: Use Twitter to notify my friends when and where I was playing a game, specifically a PC game.

I remembered that Twitter was implementing a new authentication method which might just work for something like this, as basic authentication always seemed dirty to me. Why would anyone in their right mind hand out their username and password? A quick Google for “Twitter OAuth in Ruby on Rails” and I hit the Twitter OAuth examples. It didn’t take much to fashion the quick and dirty example into a working system. Actually, I’d estimate I was in the single digit hour range as for work involved. It was simple, which seriously scared me. Capistrano and Deprec really made the process extremely painless. More on that later.

OAuth came easy. All I had to do was follow along in the step by step example from Twitter’s wiki and then register my application with Twitter’s OAuth Client page. Perhaps the hardest part was debugging and testing, as the current Twitter system doesn’t appear to have a test sandbox.

So GameTweet was born. Just login to Twitter via OAuth and then type the IP:Port combination of the server you’re playing on, then the name of the game, and hit “Tweet!”. GameTweet then uses OAuth to update your status with all that information as well as a tinyurl to the GameTracker server status page using the tinify_urls plugin.

Capistrano, the Ruby based task automator, is perhaps the single most amazing piece of scripting I’ve seen in awhile. Coupled with the deployment recipes from Deprec, I was able to manage everything from code checkout, releases, deployment and even the Apache configuration all from one “cap deploy”. I managed to get an installation of SMF2 (a php based forum) deploying with Capistrano as well. Really, it is a joy to work with. After making a quick change to GameTweet I just had to run an “svn commit” and “cap deploy” and everything is up on the server with the latest code, database schema, and Passenger restarted the application.

That said, GameTweet has absolutely no test harness. I’m still learning the ropes with Ruby and Rails, but I do plan on eventually implementing a full test bed. OAuth is perhaps not the best thing to start with, but GameTweet was a tool I wanted to use for myself so I built it. Fast.

If you have an idea for GameTweet, want to talk shop, criticize my horrible Ruby on Rails code, or just talk, pop me an email using the contact form or send me a tweet.


New Headset, Space Cadets and More

Well, last night I did something rather crazy which involved jumping up from a game of Counter-Strike and running to the living room. Unfortunately, I took the headset cord with me. I literally ripped the cord in half at the Y connector. I attempted a really horrible splicing job, but couldn’t get it to work. So, off I went to purchase a new headset. There were 3 models on the Best Buy website that seemed like they’d work: GameCom 377, GameCom 777 and the Logitech ClearChat Pro USB. Needless to say, I cheaped out and got the 377.

GameCom 377 Headset

Initial impressions were definitely mixed. The sound was good, the cord was reinforced, and the controls were huge. Of course, everything about this thing was huge. For $40, you really got your money’s worth in plastic. The mic tucks away very nicely, but in comparison to the ear cans you’d probably miss it entirely. I honestly looked like a space cadet with those things on. They were pretty heavy, and they made a clear statement: “I have no idea why I’m wearing these, but aren’t they wicked cool? No? Aww, seriously?”

So, my wife came home and I displayed my inner uber nerd and then realized just how crazy these things were. So, a quick check on the return policy, and back to the big blue and yellow box they went. Shay, a good friend of mine and one heck of a shot in Counter-Strike, recommended the ClearChat Pro USB from the start. I gawked at using USB for audio, but this time around I decided I better heed someone’s advice since I apparently have horrible judgment.

Logitech ClearChat Pro USB

Snapped up a pair for $10 more than the 377s and headed home. Opened the horribly designed blister pack and threw them on my head. These things are light. To be honest, it hardly feels like you’re wearing anything at all. The cable is just long enough to comfortably reach my tower, and the thing was plug and play. Vista 64bit just installed them and set my defaults for me. One game of Command & Conquer 3 later and I’m happy with them. Logged into Ventrilo and someone even commented that I sounded much better, easier to hear. Weird. It’s just a headset, right? The build quality is just okay, but if you’re relatively careful (unlike me) they should last awhile. The on ear controls aren’t as strange as they sound. You get used to it.

Anyways, I hope that helps a few people make some decisions on headsets. Just remember that return policy.


i7 Build is Done

I finally got around to building a new desktop PC. I’ve been working from my MacBook Pro for the last year or two, and it’s perfect for getting things done and it’s very speedy. Unfortunately, it simply cannot handle any of my hard-core games. So, in a fit of insanity, I built a new rig.

Components I had to buy to bring the old box up to speed:

  • i7 920 2.66ghz Quad Core
  • GTX 260 896mb Video Card
  • 6gb DDR3 1600
  • X58 Motherboard
  • 550w PSU
  • Vista x64 Home Premium

So far, everything is working without a hitch. I am noticing some interesting things though. For one, I now understand the frustration that everyone has with Windows Vista. UAC is beyond annoying, and sometimes things are a pain to find due to the new start menu. However, the machine is incredibly snappy. Everything runs incredibly fast, and crash recovery is much better. I can alt+tab from a game to desktop and back without a complete reboot, and games run like melted butter. That said, getting my older games to run under 64bit Vista was… fun. Battlefield 2142 apparently requires the patches to be installed in a certain order, and Punkbuster (the anti-cheat scanner) has to be manually updated. All of my Steam games run perfectly though, and the recommended settings are right on par with what I expected. Overall, I was really impressed with how they handled that. The game knew I had a decent machine, and automatically ramped up the settings. I love it.

I’m still running on some old 17″ LCDs, but a friend of mine has volunteered to swap me his dual 19″ for them. I’ll definitely owe him, but it’ll be nice to have matching monitors again. I should be all set, except for my chair, which is the next upgrade on my plate.

Now, the i7 definitely gets my seal of approval for hardware as does the GTX 260, but if you are trying to build a machine on the cheap go for the raw clock speed. The i7 does a lot of things (at the same time) well, but Battlefield is still not as buttery as it should be. I got the EVGA brand motherboard and graphics, which at the time was due to reviews and cost but in the aftermath I think it was a great choice. Why? Because it came with free stuff. Not only did I get the Newegg bonus Call of Duty: World at War, but I also got 3d Mark Advantage, the ELEET overclocking tool and a bunch of discounts. EVGA also offered to let me return my new graphics card and upgrade it to a higher end model within 90 days. That is just amazing, to me. Also, the extra year warranty I get from registering my motherboard is a wonderful bonus.

One day I’ll get around to installing Visual Studio, for now, Counter-Strike and BF2142 will do nicely for burn-in testing.


ASP.NET Pandora, iTunes Mashup

What is it?

Last week I had some down time and managed to crank out a relatively basic mashup of the iTunes Library XML file and Pandora’s favourites feed. Essentially my code reads in the iTunes XML file and converts it into a readable form using XSLT then grabs the Pandora feed and compares the two using XPath.

The application is written in VB.NET on the ASP.NET platform. Yes, I know, VB is the poor ugly stepchild language but we use it at work and it was far easier to pick up and go. C# is on the docket for the next project, I promise. That said, I’m hoping to get some Ruby and Python up here too. I just need to get a ticket in with my Linux hosting provider.

Why did you write it?

I wanted to write this application for awhile but I never had the time or the motivation. Thankfully boredom breeds innovation for me. I had started the code months ago and abandoned it after getting stuck on the WebRequest to Pandora. I managed to dig up the code last week and had a few eureka moments which led to release worthy code.

The reason behind the construction of this application is that I use Pandora every single day. I practically need their radio service to work. One thing that I do when I’m listening is bookmark the songs I like, and mod them up with the thumbs up button. It’s intuitive and quick to do which is great. However, when you’re ready to plop down a bunch of money on new music how do you know which songs to buy? I always forget to update my favourites list to remove the songs I’ve bought, and I’m too lazy to search my iTunes every time I want to buy a song. Sure, iTunes sometimes prevents you from buying the same song twice, but having been bitten by that bug before I’d rather have a third party verify that for me.

Improvements, Ideas, Concerns

The application is very rudimentary and will be sitting on a very restricted shared hosting environment. The code is definitely not rocket science, but it works for the most basic use case. That said, it doesn’t handle advanced searches or merge results for remixes and the like. It isn’t using a special algorithm for matching. It just does a direct XPath contains on the artist and song title. If it doesn’t match, the application will falsely mark it as if it doesn’t exist in your library. Likewise, single quotes are currently not handled correctly because I was lazy and XPath parameterization looked like a pain. This is just a proof of concept.
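The quoting problem described above, as an added example (not the application's code, which is VB.NET and not shown on this page): Python that builds the same kind of `contains()` query by concatenation and then with a properly formed XPath 1.0 string literal. The element names `track`, `artist` and `title`, the helper names, and the sample values are assumptions constructed for illustration.

```python
def naive_query(artist, title):
    """Concatenation as the post describes; breaks when a value contains '."""
    return ("//track[contains(artist, '" + artist + "') and "
            "contains(title, '" + title + "')]")


def xpath_literal(value):
    """Return value as an XPath 1.0 string literal.

    XPath 1.0 has no escape character inside literals, so a value holding
    both quote kinds is split on ' and reassembled with concat().
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = []
    for i, part in enumerate(value.split("'")):
        if i:
            pieces.append('"\'"')          # the apostrophe itself, double-quoted
        if part:
            pieces.append("'" + part + "'")
    return "concat(" + ", ".join(pieces) + ")"


def safe_query(artist, title):
    """Same predicate, with each value emitted as a well-formed literal."""
    return ("//track[contains(artist, " + xpath_literal(artist) + ") and "
            "contains(title, " + xpath_literal(title) + ")]")


def read_literals(expr):
    """String literals as an XPath 1.0 lexer reads them, left to right.

    Raises ValueError when a quote is never closed (the query would be
    rejected by the XPath engine).
    """
    out, pos = [], 0
    while pos < len(expr):
        ch = expr[pos]
        if ch in "'\"":
            end = expr.find(ch, pos + 1)
            if end == -1:
                raise ValueError("unterminated literal at offset %d" % pos)
            out.append(expr[pos + 1:end])
            pos = end + 1
        else:
            pos += 1
    return out


# Constructed sample values (not taken from any real library file).
SAMPLES = [("Journey", "Don't Stop Believin'"), ("Example Band", "7\" Mix ('99)")]

if __name__ == "__main__":
    for artist, title in SAMPLES:
        for build in (naive_query, safe_query):
            expr = build(artist, title)
            try:
                seen = read_literals(expr)
            except ValueError as exc:
                seen = "rejected: %s" % exc
            print(build.__name__, "->", expr)
            print("   literals the engine sees:", seen)
```

With the concatenated form, the engine either rejects the expression or compares against a truncated string, which is why a song with an apostrophe in its title is reported as missing from the library; the literal form keeps the whole value as data.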

iTunes XML files can get pretty big. I think my library file was almost 6mb, which is rather large for a web upload. I might look into letting users upload a zip file and decompress it on the fly. Not sure how you’d go about that though. My guess is this application will thrash the server with IO under load.

One of my coworkers/friends suggested implementing affiliate IDs for the various music stores and injecting those into the application in order to generate revenue. If I ever wanted to turn this into a real product that might be a way to monetize, but rest assured that isn’t implemented at the moment. If anyone wants to see this as an actual product, feel free to drop me a line.

Where is it?

It will be hosted on my new domain at once the kinks are worked out. GoDaddy’s Windows hosting is far from perfect, but it gets the job done. Unfortunately, it appears they are trying to proxy my WebRequest and XSLT discovery outgoing sockets which is throwing an error. I have a ticket in to find out what I can do to fix that.

If you are interested in seeing the code I’ll gladly post it. Right now it isn’t up to much and still needs some cleaning up so I’ll leave it off for now.


Where have I been?

An excellent question. Where have I been?

In the past 12 months I have gotten married, switched jobs, adopted a kitten and moved back to the big city. You could say I’ve been in quite a few places doing any number of things. To explain though, I left WeatherFlow to return to Orlando to be closer to friends and family. Working there was perhaps the best decision I had made as I was able to learn quite a few technologies in a short amount of time, meet some very bright and driven people, as well as work on some amazing projects. If it wasn’t for WeatherFlow I wouldn’t be where I am today.

Where is that, you ask?

Well, I’m currently working for one of the largest defense contractors in the world. I work for the division which creates internal HR Applications for the company. Definitely a change from my usual 6-12 developers in a room and rapid application development. I picked up some legacy ColdFusion code and helped the team hit a couple releases before I was reassigned. From there I joined a small VB.NET/ASP.NET development team working on some internal applications which were eventually shelved, or made it into Phase II.

During the colder months I took on a stretch assignment to help another team which had been working with a 3rd party software vendor. Essentially, I have been testing and deploying the application for our internal team and managing the correspondence with the vendor. I’ve been learning our software engineering process, IIS configuration, account provisioning, writing SOI’s, hosting meetings and trying my hand at application deployment and environment configuration. Really, it has been a great learning experience thus far and I am looking forward to this new fiscal year.

Where do I go from here?

I am hoping to post more code on this blog, as well as start a few new projects on the side. I have a small Pandora/iTunes mashup written in VB.NET/ASP.NET 3.5 which needs a home. Hopefully I can find some hosting shortly and get that one up and running.

This year my goals are lofty:

  • Learn ASP.NET MVC with C# & jQuery
  • Learn Python & Django
  • Learn Ruby on Rails
  • Get Certified, whether it’s an MCPD or MCTS just do it.
  • Write something useful.
  • Become a better technologist and developer.

As always, I want to keep current and stay on top of the industry changes, and filter out the hype from the reality. Agile this, rails that are great things to investigate but what is the business case? What is the need? Hopefully this year I can find the time to publish some articles recounting those very things from my own point of view.

I hope that brings everyone up to date. I am still here, and hopefully I’ll be posting more in the weeks to come.


Mike Potter, Adobe – Thanks Guys!

So, I was checking my mail today and a mysterious package arrived from Amazon. Now, it could have been anything but to my complete shock and awe, it was from Mike Potter at Adobe. Here are some blurry photos from my phone:


I had added the cookbook to my Amazon wish list shortly after Flex 3 was released, as I wanted to dive in and learn everything I could about the newest version of Flex. I really appreciate the gift, and to all of the Adobe team, thank you. You guys have delivered a great product, and you really know how to reach out and touch the community.
