Julian Assange, in his latest episode of The World Tomorrow, talks to Andy Muller Maguhn, Jeremie Zimmerman and Jacob Appelbaum. They discuss privacy, using the internet anonymously, safely and freely, encryption technology, and the importance of web activism.
I have been using Google two-factor authentication for a while. It's probably the reason why I log in using my Google id on every possible site I use. I can use a simple mobile app to generate a time-sensitive one-time password (OTP) that I enter along with my regular password to log in.
The Google Authenticator mobile app allows multiple profiles. This lets any developer use the Google app with their own application's authentication system. We just need to develop the server-side component to make it work with our web application. It's not difficult, because Google uses open standards: the time-based codes are TOTP as defined in RFC 6238, which is the HMAC-Based One-Time Password (HOTP) algorithm of RFC 4226 with a counter derived from the current time.
I spent some time developing a Python library for this. It's a generic library which can be used with any kind of Python application. I have a demo web application which roughly shows the flow. The demo application is in no way complete. Don't use it in your production system.
The block diagram below shows a simple two-factor authentication system using pyg2fa. Your user table contains an extra column called g2fa_code, a 16-character base32 string (80 bits of random seed) used as the seed for the OTP. This field should be regarded as a second password for all practical purposes, with one difference: the server needs the plaintext seed to compute the HMAC, so it cannot be hashed the way a password is. Encrypt it at rest and restrict who can read it.
g2fa_code is unique and randomly generated for every user. It could be generated at the time of registration or at any point when the user enables two-factor authentication. This is the value used to generate the QR code which can be scanned by the user's Google Authenticator app. If the user wants to enter the code directly into the Google Authenticator app, show the same value as text. Once it's added successfully to the app, it starts generating OTPs for that specific application's profile.
On the server side, validation is very easy. Just call
validate(users_g2fa_code, int(user_entered_otp), 4)
It should return True if everything is okay. Make sure the server time is in sync with internet time (NTP): OTPs are highly time sensitive. I have added a third parameter, 'window', to the validate method which allows the client's clock to drift from the server time by +/- the defined amount. Keep that window small: every extra code the server accepts is one more code an attacker guessing at random could hit, so pair a small window with rate limiting on failed attempts.
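To make the seed, QR payload and validation flow described above concrete, here is an added, self-contained example that is not pyg2fa's own code. It implements HOTP (RFC 4226) and TOTP (RFC 6238) directly with the standard library; the function names, the otpauth URI helper, and the choice of expressing the drift window in 30-second steps are this example's assumptions, not pyg2fa's API. The embedded secret is the one from the RFC test vectors, so the results can be checked against the RFCs. One caveat it shows: keep the OTP as a string, because a code such as 070818 loses its leading zero if you pass it through int().

```python
"""Minimal TOTP (RFC 6238) on top of HOTP (RFC 4226), in the shape the
pyg2fa post describes: a base32 seed per user, an otpauth URI for the QR
code, and a validate() that tolerates clock drift by a small window.
Added example, not pyg2fa's code; names and window semantics (in
30-second steps) are this example's assumptions."""
import base64
import hashlib
import hmac
import os
import struct
import time
import urllib.parse

# Secret from the RFC 4226 / RFC 6238 test vectors ("12345678901234567890"
# as ASCII), base32-encoded the way an authenticator app expects it.
RFC_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode("ascii")


def generate_secret(nbytes=10):
    """New per-user seed: 10 random bytes -> 16 base32 characters (80 bits).
    Store it encrypted; unlike a password it cannot be hashed, because the
    server needs the plaintext to compute the HMAC."""
    return base64.b32encode(os.urandom(nbytes)).decode("ascii")


def otpauth_uri(issuer, account, secret_b32):
    """Payload to encode into the QR code that Google Authenticator scans."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode({"secret": secret_b32, "issuer": issuer})
    return f"otpauth://totp/{label}?{query}"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduce modulo 10**digits."""
    key = base64.b32decode(secret_b32.upper())
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    # zfill keeps leading zeros: "070818" is a valid code; int() would lose it
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if at is None:
        at = time.time()
    return hotp(secret_b32, int(at) // step, digits)


def validate(secret_b32, user_otp, window=1, at=None, step=30, digits=6):
    """Accept the code for the current step and up to `window` steps either
    side (window=1 with step=30 tolerates about +/-30 s of drift). Every
    extra accepted step is another code a guesser could hit, so keep the
    window small and rate-limit failed attempts."""
    if at is None:
        at = time.time()
    counter = int(at) // step
    entered = str(user_otp).strip().encode("utf-8")
    ok = False
    for delta in range(-window, window + 1):
        expected = hotp(secret_b32, counter + delta, digits).encode("ascii")
        # constant-time comparison, and no early return, so timing does not
        # reveal which step (if any) matched
        if hmac.compare_digest(expected, entered):
            ok = True
    return ok


if __name__ == "__main__":
    secret = generate_secret()
    print("seed for the user table:", secret)
    print("QR payload:", otpauth_uri("MyApp", "alice@example.com", secret))
    now = time.time()
    code = totp(secret, at=now)
    print("current code:", code)
    print("validates:", validate(secret, code, window=1, at=now))
```

The validate() here checks the current step plus one step either side; a code that was valid two steps ago (more than 30 s off with window=1) is rejected, which is the behaviour a small window should give.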
To run the demo
1. Install pyg2fa
hg clone http://code.thejeshgn.com/pyg2fa
cd pyg2fa
python setup.py install
2. Run the demo
cd demo
python demo.py
Once you run demo.py, it prints the steps to follow to interact with the demo app. Play with demo.py; it's not very difficult to master. And of course, fork the project and send me enhancements.
There are two interesting shows on TV: The World Tomorrow hosted by Julian Assange and Satyamev Jayate hosted by Aamir Khan. Both are completely opposite but look at changing the world for tomorrow. One is a softer version and looks at the problems of India. The other one is very radical and loud.
Satyamev Jayate is on Star Plus every Sunday @ 11am. Episodes are also on YouTube (available in other Indian languages too).
Go watch them.
Thanks to Audible and Kindle, I have already read/listened to nine books this year. I am very happy about it considering that I read 5 books in the entire twelve months of 2011.
1. Steve Jobs by Walter Isaacson
2. The Art of Deception by Kevin Mitnick
3. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick
4. The Selfish Gene by Richard Dawkins
5. Wizard: The Life and Times of Nikola Tesla : Biography of a Genius
6. The Girl with the Dragon Tattoo by Stieg Larsson
7. The Girl Who Played with Fire by Stieg Larsson
8. The Girl Who Kicked the Hornet’s Nest by Stieg Larsson
9. What Do You Care What Other People Think?: Further Adventures of a Curious Character by Richard P. Feynman
10. Burning Chrome by William Gibson (Progress)
11. The Kite Runner by Khaled Hosseini (Progress)
I want to do at least 25 books this year. Suggestions please. You know what I like :)
CIS has a detailed blog post explaining why all of us who care about freedom of expression on the internet should support the annulment motion by MP P. Rajeeve.
You should actually read that blog post, but the following are the most important points.
No chance to defend.
There is no need to inform users before this content is removed. So even material put up by a political party can be removed based on anyone's complaint, without telling that party. This was done against a site called "CartoonsAgainstCorruption.com". This goes against Article 19(1)(a).
Government censorship, not ‘self-regulation’.
The government says these are industry best-practices in existing terms of service agreements. But the Rules require all intermediaries to include the government-prescribed terms in an agreement, no matter what services they provide. It is one thing for a company to choose the terms of its terms of service agreement, and completely another for the government to dictate those terms of service.
The government, the police or an angry mob can force your blog (freedom of expression) or your business (web-based) to go offline without notice. Which is kind of insane, isn't it?
Thankfully there are some smart MPs in our parliament who are trying to pass a motion to annul these rules. We can't just sit and watch. We need to support the MPs who are supporting this motion. Call other MPs and ministers to urge them to support this motion.
To call your MP and ministers, or to send them an email, use this online form provided by CIS. It's easy and doesn't take more than a minute. If you want to do more, use the postal address to send a hard copy of the letter or use the given official phone number to call them.
To support Member of Parliament P. Rajeeve, go to change.org and sign the petition. It doesn't stop there. Share this information with your friends and family and urge them to do the same.