SQRL (Secure Quick Reliable Login): Proposed new web login & authentication system

SQRL An Illustrated Guide

I came across SQRL from listening to the Security Now podcast on the TWIT podcast network. When I heard about it, I immediately thought, “I want that!” I’m not sure if it will eventually catch on or not, but there are aspects to SQRL that I find appealing.

You can find details about the proposed SQRL authentication spec on the creator’s page or in the podcast where he announced it.

I recently came across an illustrated guide to SQRL that might help with understanding some of the more gnarly bits.

From the SQRL page on GRC.com:

Wishing to log in to an online service where an “SQRL” code appears nearby:

  • The user can tap or click directly on the SQRL code to log in,
  • or launch their smartphone’s SQRL app, and scan the QR code.
  • For verification, SQRL displays the domain name contained in the SQRL code.
  • After verifying the domain, the user permits the SQRL app to authenticate their identity.
  • Leaving the login information blank, the user clicks the “Log in” button… and is logged in.

Behind the scenes:

The website’s login presents a QR code containing the URL of its authentication service, plus a nonce. The user’s smartphone signs the login URL
using a private key derived from its master secret and the URL’s domain name. The smartphone sends the matching public key to identify the user,
and the signature to authenticate it.
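The exchange just described, as an added example in Go that is not from the post or the SQRL project. It assumes HMAC-SHA256 as the per-site key derivation, Ed25519 as the signature scheme, and a constructed sqrl://<domain>/sqrl?nut=<nonce> layout for the login URL; none of those specifics are stated in the quoted text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"net/url"
)

// SiteKey derives the per-site Ed25519 key pair from the master secret and the domain.
// Using HMAC-SHA256 for that derivation is this example's assumption, not the post's.
func SiteKey(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte MAC output is the seed
	return priv.Public().(ed25519.PublicKey), priv
}

// NewLoginURL (site side) is what the QR code carries: the auth endpoint plus a fresh
// nonce. The site must remember each nonce and accept it once, or a response can be replayed.
func NewLoginURL(domain string) string {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return "sqrl://" + domain + "/sqrl?nut=" + hex.EncodeToString(nonce)
}

// Sign (phone side) keys off the host inside the login URL, so a QR code pointing at a
// look-alike domain yields an identity the real site has never seen.
func Sign(master []byte, loginURL string) (ed25519.PublicKey, []byte, error) {
	u, err := url.Parse(loginURL)
	if err != nil {
		return nil, nil, err
	}
	pub, priv := SiteKey(master, u.Hostname())
	return pub, ed25519.Sign(priv, []byte(loginURL)), nil
}

// Verify (site side): the public key identifies the user, the signature over the exact
// URL, nonce included, authenticates them.
func Verify(pub ed25519.PublicKey, loginURL string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(loginURL), sig)
}
```

A full exchange is NewLoginURL on the site, Sign on the phone, then Verify on the site against the URL it issued; deriving SiteKey for a second domain shows the same master secret produces an unrelated identity there.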

Yeah. So the quotes above are probably not adequately explaining why I’m excited by the possibilities of SQRL. It seems like a simpler way to login, and I like that it doesn’t require you to trust a third party. Clicky the links or listen to the podcast to learn more.

Doozer: consistent distributed data store written in Go

Doozer logo

This looks interesting. At work we use a VIP to control which machines are in the live group and which are in the dark (standby) group. We used to use DNS, but the propagation delay caused issues, especially if we needed to roll back a change.

From the Doozer Github Repo:

Doozer is a highly-available, completely consistent store for small amounts of extremely important data. When the data changes, it can notify
connected clients immediately (no polling), making it ideal for infrequently-updated data for which clients want real-time updates. Doozer is good
for name service, database master elections, and configuration data shared between several machines.

Webview Screenshot from Doozer Github page

Repsheet: Local reputation engine for your site, implemented as an Apache module that stores its data in Redis

From the Repsheet Github repo:

Repsheet is a collection of tools to help improve awareness of robots and bad actors visiting your web applications. It is primarily an Apache web
server module with a couple of addons that help organize and aggregate the data that it collects.

Repsheet attempts to solve the problem of automated defenses against robots and noisy attackers. It collects and records activity of the IP
addresses that access your web sites and helps determine if they are misbehaving. If they are, they are put on the Repsheet. Once there, you can
choose to outright deny them access to your site or warn your downstream applications that the requestor is a known bad actor and that the request
should be handled differently. Essentially, it is a local reputation engine.

FreeMarker: Java Templating Engine

Freemarker image

From the website:

FreeMarker is a “template engine”; a generic tool to generate text output (anything from HTML to autogenerated source code) based on templates.
It’s a Java package, a class library for Java programmers. It’s not an application for end-users in itself, but something that programmers can
embed into their products.

FreeMarker is designed to be practical for the generation of HTML Web pages, particularly by servlet-based applications following the MVC (Model
View Controller) pattern. The idea behind using the MVC pattern for dynamic Web pages is that you separate the designers (HTML authors) from the
programmers. Everybody works on what they are good at. Designers can change the appearance of a page without programmers having to change or
recompile code, because the application logic (Java programs) and page design (FreeMarker templates) are separated. Templates do not become
polluted with complex program fragments. This separation is useful even for projects where the programmer and the HTML page author is the same
person, since it helps to keep the application clear and easily maintainable.

Although FreeMarker has some programming capabilities, it is not a full-blown programming language like PHP. Instead, Java programs prepare the
data to be displayed (like issue SQL queries), and FreeMarker just generates textual pages that display the prepared data using templates.

We use Apache Velocity extensively at work in our web content, but it hasn’t seen much in the way of updates for quite some time.

Overtone: Open source live-coding environment & audio collaboration platform written in Clojure

Overtone website masthead

According to the website, Overtone is a “live-coding environment and audio collaboration platform that’s free for everyone to download, hack on and make crazy-cool sounds either individually or in groups.” It is “a musical programming library written in Clojure which uses the SuperCollider audio engine and synthesis server under the covers.”

For a taste of what kind of sounds can be made in Overtone, check out this band’s website. Overtone also supports integration with Quil and Shadertone to integrate synchronized visuals with Overtone audio.

YDN-DB: HTML5 Javascript database library for IndexedDB

yathit logo

OK. So I’m not even gonna lie. I had no idea what IndexedDB was before I came across YDN-DB. I’ve only dabbled with serious JavaScript development so far, and the framework-soup that has arisen in the space rivals Java at this point.

Anyway, on to the website!

YDN-DB is a pure javascript library, which uses HTML5 browser databases such as IndexedDB, WebDatabase (WebSQL) and WebStorage (localStorage). Most
modern browsers, including IE10, Chrome, Firefox and Safari, support either IndexedDB or WebSQL. The library can also be used in web clients such as
phonegap, WebView and UIWebView mobile clients.

Supports:

  • Chrome 4+ (IndexedDB or WebSql)
  • Firefox 3+ (IndexedDB draft), Firefox 10+ (IndexedDB)
  • IE6 (userdata), IE7+ (localStorage), IE10+ desktop/mobile (IndexedDB)
  • Safari 3.1+ desktop/mobile/iOS web client (WebSql)
  • Android web client, Android browser 2.1+ (WebSql), 4+ (IndexedDB)
  • Opera 10+ (WebSql), Opera 15+ (IndexedDB)

Code snippets:

var db = new ydn.db.Storage('db-name');
db.put('store-name', {message: 'Hello world!'}, 'id1');
db.get('store-name', 'id1').always(function(record) {
  console.log(record);
});

Indexed Queries

var q = db.from('people').where('age', '>=', 25);
q.list(10).done(function(peoples) {
  console.log(peoples); // list of first 10 peoples
});

var q = db.from('people').where('country', '=', 'US').order('name');
q.list(10).done(function(peoples) {
  console.log(peoples); // list of first 10 peoples from US ordered by name
});
q.list(10).done(function(peoples) {
  console.log(peoples); // next 10 peoples
});

Streaming API for reduced memory usage

var q = db.from('author').where('first', 'starts', input_value); // input_value: the text typed so far
var ul = document.getElementById('auto-suggestion-list');
ul.innerHTML = '';
q.open(function (cursor) {
  // records arrive one at a time, so the full result set is never held in memory
  var li = document.createElement('li');
  var people = cursor.getValue();
  li.textContent = people.first + ' ' + people.last;
  ul.appendChild(li);
});

Synchronize with REST backend services

var schema = {
  stores: [{
    name: 'todo',
    keyPath: 'id',
    Sync: {
      format: 'gcs',  // Google Cloud Storage
      Options: {
        bucket: 'ydn-note-data',
        prefix: 'todo/'
      }
    }
  }]
};
var db = new ydn.db.Storage(db_name, schema);
// GET https://ydn-note-data.storage.googleapis.com/todo/id123
db.get('todo', 'id123');
// PUT https://ydn-note-data.storage.googleapis.com/todo/id123
db.put('todo', {id: 'id123', text: 'buy milk'}); // the key is taken from keyPath 'id'
// DELETE https://ydn-note-data.storage.googleapis.com/todo/id123
db.remove('todo', 'id123');

Hugo: Static Site Generator written in Go

Hugo masthead from website

I like simplicity, and nothing says simple like a plain, old, static HTML website. Static websites have some real advantages: they are generally pretty secure, they play nice with whatever source control system you use, and they are fast. A static site generator gives you those advantages plus some niceties like templating and asset reuse.

One of the most interesting things about Hugo is that since it runs on the Go language runtime, you can drop the package on your system of choice and go.

From the website:

Hugo doesn’t depend on administrative privileges, databases, runtimes, interpreters or external libraries. Sites built with Hugo can be deployed
on S3, Github Pages, Dropbox or any web host.

Organize your content however you want with any URL structure. Declare your own content types. Define your own meta data in YAML, TOML or JSON.
Use indexes to group your content however you want.

The next time I build a static site, I’ll definitely give Hugo a look. I found out about this tool from Web Appers.

Book recommendation: Cool Tools: A Catalog of Possibilities

Picture of Cool Tools Catalog

Who’d a thunk that in this digital, information-wants-to-be-free, give-it-to-me-fast age, a giant, $30.00 coffee-table book about… well… “cool tools” would be so popular? When it arrived and I showed it to my wife, her initial reaction was, “You paid 30 bucks for a catalog? You’re pretty weird.” Then when she sat down and started thumbing through it she got it: “This is a Sears catalog! There are some nice gifts in here!”

So. A Sears catalog for big kids in the digital age. I decided to buy a copy after hearing Kevin Kelly speak about it on the Triangulation podcast.

From the Amazon.com page:

Cool Tools is a highly curated selection of the best tools available for individuals and small groups. Tools include hand tools, maps, how-to
books, vehicles, software, specialized devices, gizmos, websites — and anything useful. Tools are selected and presented in the book if they are
the best of kind, the cheapest, or the only thing available that will do the job. This is an oversized book which reviews over 1,500 different
tools, explaining why each one is great, and what its benefits are. Indirectly the book illuminates the possibilities contained in such tools and
the whole catalog serves an education outside the classroom. The content in this book was derived from ten years of user reviews published at the
Cool Tools website, cool-tools.org.