RingOfFates.com

WPTouch Pro Event Listings Customizations

June 4th, 2011 Posted 2:25 pm

So I decided I wanted to use the WPTouch Pro template for a site I’m designing, in which I’m displaying a list of upcoming events. Unfortunately WPTouch Pro has no options in the settings menu for changing your listing order / only showing future events, so I shoehorned in some code changes to facilitate this functionality. This assumes you are employing the Future Is Now plugin for your event lists.

/wptouch-pro/themes/classic/iphone/blog-loop.php
and
/wptouch-pro/themes/classic/ipad/blog-loop.php

Add the following before the have_posts call:

<?php add_filter('posts_where', 'filter_where');  query_posts('order=ASC'); ?>

/wptouch-pro/themes/classic/includes/theme.php:

function filter_where($where = '') {
    // Restrict the listing to posts dated from today up to 30 years ahead
    $where .= " AND post_date >= '" . date('Y-m-d') . "'" . " AND post_date <= '" . date('Y-m-d', strtotime('+30 years')) . "'";
    return $where;
}

 

Posted in Uncategorized

Sidekick applications

December 17th, 2010 Posted 4:20 pm

This post is simply a collection of previously developed applications for the Sidekick platform. Danger’s developer network has gone silent as of September 30th, 2010, following the departure of most key members to the Android platform and Microsoft’s failed attempt to utilize the backend services they obtained through purchasing Danger in their Kin platform.

BatteryLife

BatteryLife just shows a battery % in the title bar. It accomplished this by passing a Notification event to the NotificationManager, and generating the battery % level as its notification icon dynamically as it received battery events.


Bloggy

Bloggy is a client for posting to blogger.com utilizing the Blogger API XML-RPC protocol. I actually put the application to good use by using it to blog my Florida trip in the summer of 2004, which helped work out most of the nuances and remaining bugs.

As far as technical details go, it communicates through HTTP to the Blogger XML-RPC server. IPC system calls were used to allow emailing of currently entered posts, as well as to auto-dial the number for the AudBlog (blog voice posts from your phone) service. Login data is saved through system reboots, and can be purged from the application menu. You are also able to edit the very last entered post.




BrightKite

Brightkite is similar in function to Foursquare, though Foursquare has taken the lead in the ‘check-in’ social network department.




Chirp

Chirp was an implementation of a Walkie Talkie style communicator for the Sidekick platform. It emulated the popular Boost Mobile style when sending messages, playing the familiar chirp sound before starting audio playback. Audio clips were sent over the Hiptop (Sidekick) network using the HiptopConnection class as AMR encoded audio clips. Using this encoding, the delay over the 2G network was pretty insignificant, delivering a near instantaneous communication method. The application did not establish a lasting socket between users, so communication was back and forth. A basic XML based userlist was implemented to provide a communication interface, since you needed to know a user’s unique Hiptop username in order to send.

Fido

Fido was a simple http file grabber. It registered itself as a file handler so that you could select an item in the browser and pass the link directly to Fido, which would in turn download the target file to the sd card. No image available.

Google Voice

As the name implies, this was a native application for handling Google Voice’s voicemail transcription and recording services. It utilized reverse engineered, undocumented API systems for retrieving voicemail data. The app had the ability to not only retrieve the list of voicemails along with their transcription, but could also play back messages when clicked, downloading the mp3 file off Google’s server and playing it back on the handset. The app also had a built-in address book service for initiating a Google Voice connection to a selected number.

HipWx

HipWx is a weather display application which retrieves data through Yahoo’s local forecast API. The goal of the application was to create a simplified, purpose specific application without all of the built in clutter which other weather applications on the platform suffered from. Current conditions were available directly on the Sidekick OS jump screen by drawing a built in weather icon + current temperature information onto the SplashScreen component. Current conditions and Temperature could also be displayed in the notifications area, utilizing the same NotificationManager tricks as BatteryLife. Due to limits in Yahoo’s API service, weather updates were only pushed hourly, with the application checking every 15 minutes to see if the latest update was available (could optionally be forced to check).


On earlier devices there was also what I deemed a ‘stealth’ version of the application. This version flagged itself as invisible to the user so that it took up no slots in the actual OS jump screen. Instead of drawing its weather information on its individual app splash screen, it used then-public API calls to override the default splash screen of the Phone application. The API calls used to accomplish this were eventually disabled in later versions of the OS.

Newskicker

A functional RSS reader for the Sidekick platform. Rather than relying on third party gateway services to pre-format the RSS content for the device, Newskicker was designed to allow you to bring in any raw RSS compliant feed. Individual feed items could be displayed either as Text, HTML, or HTML with inline image loading. Update intervals could be manually changed by the user.



Subbie

Targeted at the hard of hearing but functionally hindered due to the Sidekick’s poor media support, Subbie allowed you to overlay .SRT format subtitle files on top of a 3GP video. Proper support for time indicators was implemented. No photo available.

Twitter

A full-featured Twitter client developed on the Sidekick platform. The application evolved as Twitter’s service evolved, eventually adding support for TwitPic and TwitVid/YFrog for media posting. Tweeted links were also collected for easy opening in the browser.


Gawker Password Disaster

December 13th, 2010 Posted 3:28 pm

As everyone is surely aware by now, over the weekend Gawker suffered a massive blow as Gnosis released not only the source to Gawker’s backend system, but also their entire database of user accounts with hashed passwords (plus a partially decrypted set of passwords). Along with the release came an enjoyable Readme.txt detailing how the group took the data while Gawker joked it up. I definitely recommend at least giving the readme file a glance for some insightful commentary.

Now, we already know Gawker’s security was clearly not up to par, but let’s take a look at how insecure the stored passwords were from a cracking standpoint.

Let’s look at an example of what you’d find in the DB dump (this is not an actual DB entry, just an example):


user ::: ZxnjglVvhlyeM ::: NULL ::: user@example.com

At first glance one might think this looks secure; however, it most certainly is not. The problem lies in the fact that Gawker employed the DES encryption standard. This standard was superseded a while back by Triple DES, and more recently by AES. The main problem with DES is that its limited key size left it open to brute-force attacks as computing power increased. Now, if Gawker’s data was using salts which no one had access to, then the data would be a bit more secure.

Not only did Gnosis also share much of Gawker’s back-end source code, but the salts used in the encrypted database are actually stored in the encrypted password. The first two characters of our encrypted password above are actually the salt, ‘Zx’. This is the default behavior of the DES crypt() function.

The second problem is that the standard DES crypt() function only uses the first 8 characters of the passed input to generate the hash, effectively limiting any user’s password to 8 characters no matter how long they actually wanted it to be. As noted by Gnosis, this does mean that users who used passwords longer than 8 characters across other sites are probably somewhat more secure, as anyone cracking the Gawker logins will only get those first 8 characters back.

A third possible problem, which I can’t really be sure of, is that it ‘appears’ as though Gawker stored the passwords as strtolower’d equivalents when hashing, though this could simply be because the people who cracked the initial batch were only running their attack against lower case characters.

In either case, DES as a password encryption scheme was clearly a horrible choice. With the salt already in hand it is easy to do quick dictionary attacks against the stored passwords to uncover most average user choices.

PHP has a built-in implementation of DES through its crypt() function, which we can use to test the dictionary attack against the ‘password’ choice which many people had made.


echo 'DES: ' . crypt('password', 'Zx') . "\r\n";

will output:

DES: ZxnjglVvhlyeM

The ‘secure’ password we saw saved earlier.

Even without a dictionary attack, if the passwords really are stored only in lower-case form then you knock out a huge chunk of variance when brute forcing.
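
The weaknesses described in this post, together with the usual fix, as an added example that is not part of the original post or Gawker's code: it shows the salt being readable from the stored hash and the 8-character truncation, then replaces the legacy hash with a password_hash() value on the next successful login. The helper names (is_legacy_des, legacy_verify, verify_and_upgrade) and the sample values are assumptions made for illustration.

```php
<?php
// Added example: all values are constructed; nothing here comes from the leaked data.

// Traditional DES crypt() output: 2 salt characters followed by 11 hash characters.
function is_legacy_des(string $stored): bool
{
    return preg_match('#^[./0-9A-Za-z]{13}$#', $stored) === 1;
}

// crypt() reads the salt from the first two characters of the stored hash,
// so the stored value alone is enough to recompute and compare.
function legacy_verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Hypothetical login helper: returns [login ok?, value to store from now on].
// A legacy hash is replaced with a password_hash() value the first time the
// user logs in successfully, while the full plaintext is still available.
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_des($stored)) {
        return legacy_verify($password, $stored)
            ? [true, password_hash($password, PASSWORD_DEFAULT)]
            : [false, $stored];
    }
    $ok = password_verify($password, $stored);
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($password, PASSWORD_DEFAULT);
    }
    return [$ok, $stored];
}

$legacy = crypt('password', 'Zx');          // constructed record, same call as above
$long   = 'password-plus-a-long-suffix';    // shares its first 8 characters with 'password'

echo 'salt readable from hash:   ', substr($legacy, 0, 2), "\n";
echo 'long password accepted:    ', var_export(legacy_verify($long, $legacy), true), "\n";

// Upgrade on login with the long password, then check the new hash.
[$ok, $upgraded] = verify_and_upgrade($long, $legacy);
echo 'still legacy after login:  ', var_export(is_legacy_des($upgraded), true), "\n";
echo 'short password now works:  ', var_export(password_verify('password', $upgraded), true), "\n";
echo 'long password now works:   ', var_export(password_verify($long, $upgraded), true), "\n";
```

Accounts that never log in again keep their legacy hash, so a migration like this is normally paired with a forced password reset for those accounts.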

Old Spice Man provides Voicemail

July 15th, 2010 Posted 9:34 am

Reddit got the Old Spice Man to post YouTube videos providing audio they could cut and edit to provide custom voicemail messages for users. Here is the fruit of their labor:

http://oldspicevoicemail.com

I suggest trimming the file a little bit after you download it in order to make it sound a little bit more natural.

there is win in this post

June 7th, 2009 Posted 11:22 am

Xbox Live NXE Avatar Card Generator

November 19th, 2008 Posted 3:08 pm

Generates a basic image of the new NXE avatar with your Xbox Live information. Haven’t gotten around to adding the latest games display, but it is relatively easy to add yourself.

Example:

UPDATE 11/19:

Switched the avatar fetching to cURL, and also added a 3rd method of deploying the script via htaccess; see readme.txt for info.

EDIT: updated the code, use the link below

XboxAvatar_02252011

fl

June 30th, 2008 Posted 11:28 am

May 08 Desktop

May 14th, 2008 Posted 10:22 am

XNATetris – Zune

May 8th, 2008 Posted 11:50 am

XNATetris from http://xnaprojects.net set for compiling to Zune.

xnatetris_zune_may8_145pm

Test 2

May 5th, 2008 Posted 8:46 pm

Test 2
