A Hash is a signature for a piece of data. It is always the same size regardless of the size of the source data. Hashing is a one-way process: the Hash cannot be converted back to the data that was the source of the Hash. Some common types of Hashing Algorithms are MD4, MD5 and SHA-0.
The smallest change to a piece of source data can produce an entirely different Hash. Hashes are used in a number of ways; the most popular uses are Passwords and File Verification.
Passwords
If we store passwords as clear text it would be possible for a hacker to view and read the passwords. If, however, a Hash is stored instead, an attacker can view but not read the passwords. This means he cannot know what password generated the Hash. When a legitimate user attempts to log in, their password is run through the same Hashing Algorithm and the output from this operation is compared to the Hash value stored in the password file. If the Hash values match then access is granted; if not, an incorrect password was input and access will be denied.
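The login check described above, as an added example that is not part of the original post. It puts the plain stored hash beside a salted, deliberately slow variant; SHA-256, PBKDF2, the iteration count and the sample passwords are assumptions chosen here, not something the post specifies.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def plain_hash(password: str) -> str:
    """Scheme as described in the post: store only the hash of the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """Hardened form: per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Re-run the same derivation on the login attempt and compare the results."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Constructed sample credentials: two users who picked the same password.
    alice = make_record("correct horse")
    bob = make_record("correct horse")
    return {
        # Without a salt, equal passwords give equal stored hashes.
        "plain_hashes_equal": plain_hash("correct horse") == plain_hash("correct horse"),
        # With a per-user salt, the stored values differ.
        "salted_hashes_equal": alice["hash"] == bob["hash"],
        "good_login": verify("correct horse", alice),
        "bad_login": verify("correct hors", alice),
    }


if __name__ == "__main__":
    print(demo())
```

Because unsalted hashes of the same password are identical, one precomputed table of common passwords works against every account in the file; the salt and the iteration count are what make each guess cost per user.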
File Verification
If you download some software from a website you cannot be sure that what you received was what the author intended you to receive. One way to ensure that you have an original unchanged copy of the software is to compare the Hash value of the software with the published Hash value for that particular download. If these differ, then your software is different to the version you were intended to receive.
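The download check described above, as an added example that is not part of the original post. SHA-256, the file names and the sample file contents are assumptions constructed here; the published value would normally come from the author's website.

```python
import hashlib
import hmac
import os
import tempfile


def file_sha256(path: str, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large downloads need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_published(path: str, published_hex: str) -> bool:
    """Compare the local file's hash with the value the author published."""
    published = published_hex.strip().lower()
    return hmac.compare_digest(file_sha256(path), published)


def demo() -> dict:
    original = b"installer contents v1.0\n" * 1000    # constructed sample data
    tampered = bytearray(original)
    tampered[500] ^= 0x01                              # flip a single bit
    published = hashlib.sha256(original).hexdigest()   # what the author would publish

    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.bin")
        bad = os.path.join(tmp, "bad.bin")
        with open(good, "wb") as fh:
            fh.write(original)
        with open(bad, "wb") as fh:
            fh.write(bytes(tampered))
        good_hex, bad_hex = file_sha256(good), file_sha256(bad)
        return {
            "good_ok": matches_published(good, published.upper() + "\n"),
            "bad_ok": matches_published(bad, published),
            # Hex positions that differ after a one-bit change in the file.
            "hex_chars_changed": sum(a != b for a, b in zip(good_hex, bad_hex)),
            "digest_length": len(good_hex),
        }


if __name__ == "__main__":
    print(demo())
```

The comparison only proves the file matches the published value, so the published Hash has to be obtained over a channel the attacker could not also have modified.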
An interesting article is this one by Bruce Schneier in which he discusses the weaknesses of MD5 and SHA, the two most common forms of Hashing.
“You go through life, you try to be nice to people, you struggle to resist the urge to punch ’em in the face, and for what? So some pimply little puke can treat you like dirt because you’re not on the team. Well, I’m better than dirt. Well, most kinds of dirt. I mean not that fancy store bought dirt. That stuffs loaded with nutrients. I… I can’t compete with that stuff.” - Moe Szyslak
Thursday, 10 August 2006
Encryption: Hashing
Encryption: Key Systems
There are two main types of encryption system, Symmetric and Asymmetric.
Symmetric Key Cryptography
With this system the sender and receiver of a message use a single common key to encrypt and decrypt the message. The symmetric system is the simplest and fastest type of encryption, but the main drawback is that the two involved parties must somehow exchange the key in a secure manner. Symmetric key cryptography is sometimes known as Secret Key Cryptography. Probably the most popular symmetric key system at the time of writing is DES. A big advantage of Symmetric Key Encryption over Asymmetric Key Encryption is speed.
Asymmetric Key Cryptography
With the asymmetric system two keys are used: a public key to encrypt messages and a private key to decrypt them. The advantage of public key encryption is that the public key can be made available easily to anybody (in fact it has to be for the system to work), and this avoids the problem that faces symmetric key encryption, which involves the secure exchange of a single key. The private key is never transmitted.
"He who wrestles with us strengthens our nerves and sharpens our skill. Our antagonist is our helper." - Edmund Burke
Monday, 7 August 2006
Zen: Systems Analysis
I have just finished reading a book that I have been reading on and off for the last few months (it lived in my overnight bag and got read in hotel rooms when the bar was shut and the TV was shit, it’s been dragged around a few countries and is looking slightly worse for wear ... ). It’s called Zen and the Art of Systems Analysis by Patrick McDermott.
If you fancy a light-hearted and possibly spiritual look at what is normally a very dry and logical subject then give this book a whirl. Some of the quotes are excellent. I have listed a few of these below:
Choose the Middle Way.
Embrace Contradiction.
There are many ways to the Mountaintop.
Over time, Unpleasant tasks become more unpleasant, but difficult tasks become less difficult.
To get to the root cause, ask “Why” five times.
Never base a Technical Decision on Political Issues and never base a Political Decision on Technical Issues.
Never let not knowing what you are doing stop you !
Try to walk in everyone’s shoes.
Always analyse from at least two angles.
Don’t let precision prevent clarity.
One who has never erred is dangerous.
The goal of brainstorming is quantity not quality.
If it is not recorded, it did not happen.
Windows XP is an abortion. (sorry, made that one up ☺ )
There’s plenty more quotes in the book and it’s a fascinating read. Try It !
"What's money? A man is a success if he gets up in the morning and goes to bed at night and in between does what he wants to do." - Bob Dylan
Friday, 4 August 2006
Command Line FTP on OSX
I’m going to describe the usage of the ‘ftp’ command under Unix on the Mac. Most people at some point need the use of the ftp protocol, even if they are just uploading new content to their home page. A GUI ftp client does not come with Mac but there are a few available, although most are not free.
Besides, why clutter your OS with another utility program when everything you need is available within the Terminal window and the bash shell ? You will probably also find it is quicker than most GUI solutions when you have learnt the few basic commands needed.
For this example we will assume that you wish to transfer a document invoice666.pdf to the ftp site ftp.steve.org
Start your Terminal, and at the prompt type:
ftp ftp.steve.org
You will see a response similar to this:
Connected to ftp.steve.org.
220 SJC_BIGR5 FTP server ready
Name (ftp.steve.org:stevecholerton):
Enter your logon name and press enter, you will see something similar to this:
331 Password required for bilbobaggins.
Password:
Enter your password and press enter. You will see something similar to this:
230 User bilbobaggins logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
You now need to copy your file to the server. Note that you may change directories in the normal manner using the chdir command. To copy your file enter the following:
put invoice666.pdf
You will see a response similar to this:
local: invoice666.pdf remote: invoice666.pdf
229 Entering Extended Passive Mode (|||1670|)
150 Opening BINARY mode data connection for invoice666.pdf
100% |*********************************************| 26 0.30 KB/s 00:00
226 Transfer complete.
26 bytes sent in 00:00 (0.29 KB/s)
ftp>
That’s it. To quit the ftp program type ‘exit’ at the prompt.
If you wished to retrieve a file from the remote server you would need to use the command ‘get’ rather than ‘put’. To delete a remote file use ‘delete’. That’s all there is to it. If in doubt type a ? at the ftp prompt and all the ftp options will be listed for you. If you need further help you can type ‘man ftp’ at the command prompt ($) and the manual for the ftp command will be displayed.
"Between two evils, I always pick the one I never tried before." - Mae West
Thursday, 3 August 2006
Securing Your Wireless Network
Lots of people run wireless networks within their business or home. It’s easy and simple and as far as many people are concerned their network is available for them and only them. It is a fact however that the signal from a wireless Access Point (AP) may be detected and used from many metres away. This means the house down the street, or the business next door may be using your wireless network and if they wished, looking at your data as it passes over the airwaves.
There are a few simple things that you can do to protect your privacy.
Change Your SSID
An SSID is the public name of your wireless network. SSID stands for Service Set IDentifier. Many people leave this set to the factory default, which may be LINKSYS or 3COM or similar. Change the SSID to something that describes your own network; this will at least ensure that people do not accidentally connect to your network instead of their own.
Turn off the Access Point Beacon
When you have set up your wireless network there is no further need for your AP to transmit its beacon that basically says ‘I AM LINKSYS. I AM HERE’. So within the administration software or webpage that you use to administer your AP, turn off the beacon. This will make your wireless network invisible to somebody who is just scouting around. If they know you have a network already or if they know the SSID they can still see and/or connect to you.
Restrict Access to specific MAC Addresses.
Each network card within a computer contains a MAC Address that is (to all intents and purposes) unique. With some APs you can restrict access to your wireless network to computers of a known MAC Address. The procedures differ for each AP and some do not even support this, but if your AP does support this it is worth pursuing. This assumes that you do not regularly have new computers needing to connect to your network. Also be aware that valid MAC Addresses can be sniffed from your network and the attacker can spoof his MAC Address so that it looks like yours ...
Change the Admin Password on your Access Point
This one goes without saying. If you haven’t already, do this. Do it now.
Run Encryption
Turn on the encryption option on your wireless network. If you don’t, I can load a program such as E******* and see the logon and passwords you are using, the letters you are typing and your secret cookie recipe. With software such as E******* I can see every image you load on every website you visit. It’s that easy. If you only have access to WEP encryption then use it. Otherwise use WPA or WPA2 if possible. WEP encryption can be broken by a skilled attacker in under 4 minutes. If offered a choice of how many ‘bits’ you want for your encryption, go for the highest. Always.
I hope the above benefits someone. There is lots more advice available if you need it, try Google, or leave a comment on here and I will answer it as soon as I can.
"Dreams that do come true can be as unsettling as those that don't." - Brett Butler
Thursday, 13 July 2006
Goals: Be Specific / Set Dates !
Today I have looked again at my list of goals. I have gone through each of them and applied a date. The psychological effect of this was immediate. Each goal has now taken on a focus that never existed before. This simple act has made the biggest difference and changed both my focus and my mood. I have a much clearer direction than I had previously. Who would have thought? Thanks again to Steve Pavlina for the advice ☺
Mr. Burns: Quick Smithers. Bring the mind eraser device!
Smithers: You mean the revolver, sir?
Mr. Burns: Precisely.
Monday, 10 July 2006
Strengths Finder
I recently did the StrengthsFinder test online via Gallup. What is StrengthsFinder? The Internet-based StrengthsFinder Profile is the product of a 25-year, multi-million dollar effort to identify the most prevalent human strengths. The program introduces 34 dominant "themes" with thousands of possible combinations, and reveals how they can best be translated into personal and career success. In developing this program, Gallup has conducted psychological profiles with more than two million individuals to help you learn how to focus and perfect these themes.
My top 5 main “themes” are shown below:
Command
Significance
Intellection
Maximizer
Achiever
Having read the full explanations for each of these, I consider them quite accurate. I have passed them on to a couple of colleagues for feedback as to whether they also think they are accurate. So far it seems to me that this quick and cheap test could be useful to do when hiring certain employees. It at least appears to give an insight into their personalities in a way that will not necessarily come over in an interview.
“English - Who needs that? I’m never going to England!” - Homer Simpson
Courage
I was reading an article just recently on the Steve Pavlina Personal Development website which struck a chord and I found very interesting. In the article he talks about courage and the article features the following quotes:
Courage is not the absence of fear, but rather the judgement that something else is more important than fear.
- Ambrose Redmoon
Courage is resistance to fear, mastery of fear - not absence of fear.
- Mark Twain
and my personal favourite:
Courage is being scared to death, but saddling up anyway.
- John Wayne
The article discusses the nature of courage and how the amount of fear that you have about something has nothing to do with whether you are courageous or not; fear is necessary and courage can exist despite fear. A courageous person is just as afraid as everybody else; it’s just that they have decided that fear will not conquer them or control them.
Here is the full link to the article by Steve.
“It’s not easy to juggle a pregnant wife and a troubled child, but somehow I managed to fit in eight hours of TV a day.” - Homer Simpson
Wednesday, 5 July 2006
Steve Pavlina
I’ve been reading a lot of stuff just recently from a website called http://www.stevepavlina.com. Steve is a former Games Developer turned Personal Development Guru. Since first discovering his site I have come close twice to deleting his feed from my RSS aggregator, this was for two reasons, namely, his posts are sometimes long and he sometimes talks about his spiritual and supernatural beliefs very openly.
I initially dismissed him as some kind of new age preacher nutcase (Steve, if you ever read this .. Sorry !) but for some reason kept looking at his blog entries and articles. The more I looked, the more I realised that this guy is 100% serious and an incredibly knowledgeable and intelligent individual to boot. Only a small percentage of his articles talk about things that I am not totally comfortable with, and why shouldn’t he? It’s his blog and I can stop reading whenever I choose.
This guy writes very well and also produces audio recordings of some of his articles, which are equally professional. So much of what he says makes sense and I think I can use some of his teachings in my own life. This is not for me a spiritual trip, it is about growing as a person using tools such as defining your life’s purpose, setting your goals and thinking positive thoughts. It’s about using your own brain and your own subconscious to bring clarity, discipline, meaning and happiness to your existence.
His site is well worth looking at, whatever your take on Personal Development.
“You know, the courts may not be working any more, but as long as everyone is videotaping everyone else, justice will be done.” - Marge Simpson
Monday, 3 July 2006
Complexities
Why is it that as I am putting considerable effort into achieving a simpler and more organised life, the universe is conspiring against me and trying its very best to make things more complicated? I guess this is one of those ‘tests’ that life throws at us occasionally just to try and keep us on our toes.
I am good at dealing with problems. Most of the time I am at my best under pressure, reacting in a calm and capable manner and I firmly believe that problems are there to be solved and sorted, and that we learn and grow from the experience.
Occasionally though, something will test me in a manner in which I am not easily capable of dealing with. Normal rules do not always apply and it is easy for us to confuse matters by inventing our own logical explanation in an attempt to deal with the situation. Logic is most certainly in the eye of the beholder.
Stuck between a rock and a hard place ? Yes, at the moment, I guess I am.
“It takes two to lie. One to lie and one to listen.” - Homer Simpson