Booze that glow under a blacklight
15 December 2009, 23:38
So, I’ve experimented with my friend g… tonight about booze that glow under a blacklight because we needed to design a drink for a client and here’s a list of our findings.
Note: alcohol wise, a lot of things in my bar were left out because they were not expected to glow (so please no comments about “you didn’t try that” unless you know that it does glow), otherwise comments about this or that glows are welcome!
Doesn’t glow:
- vitamin B12 (yes, reportedly working but not for us!)
- galliano
- lemon juice
- ice tea
- ice tea powder variants (they ruin the thing)
Doesn’t ruin glow but doesn’t help:
- cointreau
- crème de menthe (i guess cream minth in english)
- soho
Glows in the dark:
- blue curacao (marie brizard’s curaçao bleu)
- bacardi limon
- midori (melon liqueur)
- Peach schnapps
- vodka
- 94% abv alcool (probably only available in quebec)
- redbull (with an award for doing it with style: nuclear waste look)
- rockstar juice
- and a lot of the “watery” juices we tested: peach, citrus, grapefruit
As a side note, redbull is amazingly trippy under a black light! It ended up contributing to 25% of our recipe.
Just had a great night making sure all that was “human” consumable.
— Olivier Bilodeau
gmail offline with prism on linux
14 December 2009, 00:26
As I said here before, I am a mozilla prism user and I really like the fact to have my email (an important application) separated from my browser. If only to have two separate task bar entry but also so misbehaving sites won’t crash the whole email + browser deal (I often have more than 20 or so tabs open)… Anyway that’s not today’s point.
When I read that offline gmail was going official (also add to that the fact that I was already enjoying offline email access in the metro with my android) I decided I wanted to give it a try (through prism of course!). I never thought it would be that complicated.
Links and fix details after the explanation
First, prism doesn’t advertises itself as a version of firefox to extensions so when you try to install google gears (required for offline access) it just plainly tells you that your browser is unsupported. To fix that, you need to modify the gears’ extension installation metadata so it will install itself over prism.
Then, there is another hard-coded version check in gears extension (introduced in 0.5.30.0) so you need to modify another file in the extension’s distribution. Took me a little while to figure that one out since there was no error message whatsoever.
As I already suffered through these steps myself, I just modified the gears extension and tested that it worked for myself (linux + firefox 3.5 + prism 1.0b2) and, as a gift (we’re near christmas), here’s the file:
- Download (link above by the way)
- open your prism-enabled gmail, click on the bottom-right corner on the prism menu, select tools then add-ons
- drag and drop the .xpi you just downloaded into the add-ons window
- restart your prism and enable offline gmail (in settings -> offline)
For the gory details, check the links below, these guys did all the work (but for mac, so I post for the linux guys).
Related links:
— Olivier Bilodeau
An Android Moment
10 December 2009, 01:34
My Android ADP1 crashed on me last weekend. I did what I could at the time: extensive googling, trying stuff and finally reported a bug.
Wait! What I most importantly did in retrospect was to take a nandroid backup of my phone. It wasn’t easy, I was glad to have used fastboot before.
Anyway, the reason for doing a backup was: I couldn’t wait to troubleshoot more or wait for help on the bug because I needed a phone! So I did a backup and wiped / reflashed my phone. It started working again, to my relief.
At this point, I knew that my data would be recoverable in a binary obscure way from the images grabbed by nandroid. What I didn’t expect is that I could continue to troubleshoot the bug in the emulator. It turns out that I was able to do so using the -data flag and providing my backed-up data.img.
After some input from a google engineer, I realize my problem looks like yaffs2 corruption. yaffs2 is the filesystem used by android for the things it stores on flash memory. To simplify things, a copy of all the code / apps is stored on the user partition in dalvik-cache/ and some important file in there was corrupted preventing my phone to boot.
Here’s the ha-ha moment: I deleted the content of dalvik-cache/ in my backup image (a copy of it of course!) and the emulator booted and showed me my home screen! It was like I got my old phone again!
Now, I’m able to visually backup my data through the apps themselves and all. It was a level of flexibility I seriously didn’t expect!
Cheers to the google engineers!
— Olivier Bilodeau
Clever attacks changing the game of online banking
31 October 2009, 14:00
Here’s a little reaction from MIT’s technology review article: Real-Time Hackers Foil Two-Factor Security
What is interesting to notice here is that for attackers it is probably easier to get system compromised (through web browsers vulnerabilities) than to steal bank account credentials.
Think about it for a second, lets assume that the user isn’t fooled into using his bank account website without the padlock (https). Then to steal credentials without system compromise means to do a TLS man-in-the-middle scenario (exploiting other vulnerabilities such as ASN.1 parsing). Then immediately feed the bank website with the credentials received if the dongle is a timer-based one. A much more complicated scenario than to serve malware on a website and wait for infected PCs to phone home.
So since it’s easier to compromise why focus on stealing credentials and have a little window of opportunity (dongle timer), why not just piggyback when a user authenticate and push POST in the background while the user is doing his stuff. Well, that’s just what happened.
Now, what is the security industry going to do next?
Banks could send harden computers to its customers and ask them to perform banking transactions only on these PCs. Haha like that’s going to happen.
Of course, the ideal solution would be to establish that the system hasn’t been compromised by malware or establish trust in the system so to speak. There is work being done in that field as part of the bigger Trusted Computing technology push. But this is far from being able to remotely attest the trust in a piece of software as complex as an OS. And then again, you would have to do the same thing for the browser (another complex piece of software). Then, each and every patch would change the hashes so people trying to attest the trust would need to track that.. We are really not there yet..
Being realistic, more granular authentication is what is going to happen. If a transaction stands out in some parameters (target account, amount, etc.) then you would be prompted for another 6 digits of your dongle. At the expense of user experience, more security would be achieved. The question is, how long before attackers figure out the weakest link in this new chain?
— Olivier Bilodeau
Great minds: John Carmack
18 October 2009, 17:28
A few years ago I downloaded John Carmack’s keynote at QuakeCon 2006. For those who don’t know, John Carmack is the co-founder of Id software, a company who revolutionized PC gaming industry with titles such as Wolfenstein, Doom and Quake.
When I downloaded it I had the intention of doing a public viewing of it at University. I was student representative at the time and I wanted to start an activity where we would view talks and then discuss about it. Of course, as with many ideas and project I have, I’ve never got around to do it.
Anyways, I was browsing my hard drive trying to free some space the other day and I stumbled on the talk and watched it. It’s good! Really good!
John speaks for more than one hour non-stop fluidly jumping on various topics such as:
- parallelism
- multi-platform development
- game development
- software engineering
- management
- less powerful game environments (cellphones, Nintendo DS)
- Id’s open sourcing views
- and even more…
I really enjoyed it and, even if its getting old, would recommend to anyone interested in software in general.
I’ve lost the original download link but here’s one I’ve just found: QuakeCon 06: John Carmack Keynote Address
— Olivier Bilodeau