Simple Pdf Merging

I just finished a PDF Merger Application for those who don’t have access to a command line. Check out the link on the right. Let me know if you want features!

Removing Wine Bottle Labels

Since our wedding is at a winery, it makes perfect sense to use wine bottles as part of our centerpieces. However, we wanted to use custom labels instead of the winery’s, so we had to remove their labels. I looked around the Internet for suggestions on how to do this and found this YouTube video: http://www.youtube.com/watch?v=zWVQImPY2Cc. In it they suggested soaking the label off with OxiClean and water in a bath. I tried it and it was an absolute disaster. Yes, sometimes it would remove the label cleanly, but more often the label would disintegrate while leaving the glue on. Also, OxiClean is a nasty skin irritant, so your hands will burn like crazy. With a little more searching I found the following technique to be faster, cleaner and less painful.

Required Supplies

  • Goo Gone Spray Gel - Other adhesive removers may work, this was just the cheapest. Also the spray bottle made life so much easier. One bottle can do about 50 wine bottles
  • Large Kitchen Sink

Instructions

  1. Spraying the bottle.

    Spray the label with a generous coating of Goo Gone.

  2. Let the bottles sit.

    I tend to do 8 at a time. Let the bottles sit for 30 minutes while the Goo Gone works.

  3. The bottle is ready

    You know the bottle is ready when you can see a discolored line around the back of the label. Also you can easily peel up an edge of the label in one whole piece.

  4. Run Water and Peel

    Now the bottle is ready, run a gentle stream of water over it, grab a corner and start peeling. The label should come off in one continuous piece.

  5. Label Off

    Once you are done peeling you should have the complete label off. Use a soapy sponge to clean the bottle and you are done!

Set Current Oracle Schema

To set the current Oracle schema that objects/queries will be executed against, run the following code:
ALTER SESSION SET CURRENT_SCHEMA=FOO;

Lorem Ipsum Sighting – Chipotle Bag

I was getting ready to throw out a bag from Chipotle when I looked closer and saw that someone seemed to have forgotten to fill in all of the text before they sent it to the printer. I’m sure they have printed millions of these, and it would be horrible to have missed placeholder text after paying all that money.

For anyone who doesn’t know, Lorem Ipsum is a set of placeholder text commonly used in graphic mockups when you want to demo a font/design without people getting caught up in what the words say. The double-edged sword is that since it’s so innocuous, it can also get overlooked if people are not paying very close attention.

Memory Intensive Secure Hashing – Sample Code

This is an example of how to do the secure hashing for use in Spring Security. However, that git repo is only available over IPv6. For those who do not have access to that, I have reproduced the file below:

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;

import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.InvalidDataAccessApiUsageException;
import org.springframework.security.authentication.encoding.PasswordEncoder;

public class SHA512PasswordEncoder implements PasswordEncoder {
        protected Logger log = LoggerFactory.getLogger(this.getClass());
        private final int iterations = 200000;
        private final String algorithum = "HmacSHA512";

        @Override
        public String encodePassword(String rawPassword, Object salt)
                        throws DataAccessException {
                StringBuilder password = new StringBuilder("1$" + iterations + "$");

                try {
                        KeyGenerator keygen = KeyGenerator.getInstance(algorithum);
                        keygen.init(512);
                        SecretKey hmac_key = keygen.generateKey();

                        password.append(Base64.encodeBase64URLSafeString(hmac_key.getEncoded()));
                        password.append("$");

                        password.append(this.calculateHash(hmac_key, iterations, rawPassword));
                } catch (NoSuchAlgorithmException e) {
                        throw new InvalidDataAccessApiUsageException("Could not use hmac512", e);
                } catch (InvalidKeyException e) {
                        throw new InvalidDataAccessApiUsageException("Bad hmac512 key", e);
                }
                return password.toString();
        }

        @Override
        public boolean isPasswordValid(String encPass, String rawPass, Object salt)
                        throws DataAccessException {
                // Never write the raw password or the stored hash to the log.
                String[] hash_parts = encPass.split("\\$");
                if(hash_parts.length != 4 || !hash_parts[0].equals("1")){
                        log.error("Bad hash format or version!");
                        return false;
                }

                int valid_iter = Integer.parseInt(hash_parts[1]);
                SecretKey hmac_key = new SecretKeySpec(Base64.decodeBase64(hash_parts[2]), algorithum);

                try {
                        String calcPass = this.calculateHash(hmac_key, valid_iter, rawPass);

                        // Compare in constant time and keep hash values out of the log.
                        if(java.security.MessageDigest.isEqual(calcPass.getBytes(), hash_parts[3].getBytes())){
                                return true;
                        } else {
                                log.error("Hash does not match.");
                                return false;
                        }
                } catch (Exception e) {
                        log.error("Could not run validators.", e);
                        return false;
                }
        }

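        private String calculateHash(SecretKey key, int iterations, String password) throws InvalidKeyException, NoSuchAlgorithmException{
                ArrayList<byte[]> hmacs = new ArrayList<byte[]>(iterations);

                byte[] output = new byte[64];
                Mac hasher = Mac.getInstance(algorithum);
                hasher.init(key);
                // The loop bodies were lost from this copy of the file; they are reconstructed
                // from the steps in the post "Memory Intensive Secure Password Hashing".
                for(int i = 0; i < iterations; i++){
                        // HMAC the password together with the previous output and keep every result.
                        hasher.update(password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                        hasher.update(output);
                        output = hasher.doFinal();
                        hmacs.add(output);
                }
                // Final pass: HMAC all stored outputs, walking the array backwards.
                for(int i = iterations - 1; i >= 0; i--){
                        hasher.update(hmacs.get(i));
                }
                return Base64.encodeBase64URLSafeString(hasher.doFinal());
        }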
}

Phishing Scam Calls

I have been getting calls from an automated voice system with a spoofed caller ID number ‘223-2’. When I pick up, it claims to be from the National Credit Union Administration and says that my PIN has been compromised. It next asked for my card number so I could reset my PIN. Duh, complete scam! However, all my attempts to find out who really called me so I can report them to the police have been frustrated:

  1. 800notes only supports full phone numbers
  2. Google shows a million search results.
  3. Finally my phone bill claims that I got an incoming call from myself the one time I picked up. The other calls I ignored don’t even register.

So I’ve opened a case with my phone provider and written this blog post in the hopes others will be warned.

Site Down Overnight

Unfortunately I ran into one of the major problems with hosting your own servers last night. Around 2am the power went out for six hours and as a result this site had to come down. I think it could have lasted through the night if I had tried, but my battery backups beep like crazy and I can’t sleep as a result. Next time I have to replace them, I need to find ones that I can say “Duh there is no power, now shut up and keep the internet working!”.

Memory Intensive Secure Password Hashing

I’m working on a rewrite of my website and have been struggling with how to store passwords reasonably despite all the advances in password hacking that have come out in the past year. As a result of that I have been researching password strengthening systems such as bcrypt and scrypt. I like the rationale behind both of them but don’t like that they each use non-standardised components. So I propose the following for password hashing:

  1. Generate a 512-bit random string.
  2. Generate a SHA-512 HMAC using the password as input and the random string as the salt.
  3. Store the output of the HMAC
    1. reHMAC the password and the last output X times (I recommend 100,000).
    2. Each time you HMAC the output again, store it in an array.
  4. Once you hit the limit take the array of outputs and HMAC them iterating through the array backwards.

This requires all the memory that scrypt suggests without using another random number generator. Also it uses a standardised hash algorithm with a large amount of internal state. Thoughts?
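A check on the memory claim above, added here as an example and not taken from the original post: it computes the same hash once with every output stored and once with a checkpoint kept every √N steps, recomputing each segment during the backwards pass. That roughly doubles the HMAC count but cuts peak storage from N outputs to about 2√N. The all-zero initial "previous output" and the function names are assumptions.

```python
import hashlib
import hmac
import math

DIGEST = hashlib.sha512


def chain_step(key: bytes, password: bytes, prev: bytes) -> bytes:
    """One link of the chain: HMAC(key, password || previous output)."""
    return hmac.new(key, password + prev, DIGEST).digest()


def full_memory_hash(key: bytes, password: bytes, iterations: int) -> bytes:
    """The scheme as described: keep every output, then HMAC them in reverse."""
    outputs, prev = [], bytes(64)  # assumption: first "previous output" is 64 zero bytes
    for _ in range(iterations):
        prev = chain_step(key, password, prev)
        outputs.append(prev)
    final = hmac.new(key, digestmod=DIGEST)
    for out in reversed(outputs):
        final.update(out)
    return final.digest()


def checkpointed_hash(key: bytes, password: bytes, iterations: int):
    """Same digest, storing only the input to every stride-th link.
    Returns (digest, peak number of 64-byte outputs held at once)."""
    stride = max(1, math.isqrt(iterations))
    checkpoints, prev = [], bytes(64)
    for i in range(iterations):
        if i % stride == 0:
            checkpoints.append(prev)  # value fed into link i
        prev = chain_step(key, password, prev)
    final = hmac.new(key, digestmod=DIGEST)
    peak = 0
    for c in range(len(checkpoints) - 1, -1, -1):
        start = c * stride
        segment, prev = [], checkpoints[c]
        for _ in range(min(stride, iterations - start)):
            prev = chain_step(key, password, prev)  # recompute this segment
            segment.append(prev)
        peak = max(peak, len(checkpoints) + len(segment))
        for out in reversed(segment):
            final.update(out)
    return final.digest(), peak
```

With 100,000 iterations the full version holds 100,000 outputs (about 6.4 MB), while the checkpointed version peaks at 633 outputs (about 40 KB).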

SLUG JavaEE Presentation

Background

  • Java as a Language
  • Java EE as a Platform
  • Setting up a Java Project

Tools

  • Eclipse IDE
  • Maven Build System
  • Jenkins Continuous Integration

Typical Architecture

  • Logging – Logback
  • ORM – iBatis
  • Controller – Spring
  • View – JSP
  • Templating – Sitemesh

Examples

  • Helium.chotchki.us
  • Chotchki.us / JSafe
  • Getting to Helium – ssh -L 9999:helium.chotchki.us:80 -N chotchki.us

Magazine Scams

My fiancée got a nasty surprise when she was shopping last week. A store clerk asked her if she would like 3 free magazines. When she got home she discovered how nasty getting out of those “free” subscriptions is.

She got to call an automated line 1-877-754-4894 and jump through some deep voice response menus to get anywhere. Even then based on my Googling there is no guarantee that the subscriptions have been cancelled.

In short beware of anything free.