WE programming project

Entries feed - Comments feed

Last entries

Tue 26 Jan 2016

  • David Mentré

WE programming project: XKCD keyword index

With this post I'm starting a new kind of article: WE programming project. It's objective is to give ideas of programs that could be written over a WE, probably a lot more or lot less depending on your skill and willing to extend the idea.

Here is the first project proposal: an XKCD keyword index.

Objective

You probably known XKCD, "a webcomic of romance, sarcasm, math, and language". If not, I recommend it's reading. :-) All the XKCD comics are freely available, through an URL, e.g. "Asteroid" is available at URL https://imgs.xkcd.com/comics/asteroid.png.

Sometimes, I would like to illustrate a slide or blog item with one of XKCD comics. I know it exists, I saw it but I can no longer find it! So frustrating! So the main idea of this WE programming project is rather simple: make a keyword index of XKCD comics so that one could look for a comics over a theme or idea.

Requirements

Here is some requirements for this project, feel free to adapt to your needs or your own ideas: ;-)

  • It is a web site on the Internet that displays each XKCD comics (with proper reference to original web site) with associated keywords
  • One can search comics on a set of keywords
  • One can associate keywords (a-z- character set, space separated list) to a given comics
  • Already given keywords are suggested
  • No need of account by default, everybody is free to add new keywords (for easy contribution)
  • Moderators (with dedicated account) can make previously added keywords public, can remove keywords
  • No use of database (for easy installation), keywords are saved into a simple file
  • One can download the whole association of keywords to comics (e.g. as a JSON data structure)
  • There is an API to control the web site (for use by others and integration into other sites)

Needed programming technology

Any programming language you want which have a well designed web framework: Ruby with Rails, Python with Django, Javascript with Meteor, OCaml with Ocsigen, ...

If you tackle this project proposal, let me know! ;-)

Sat 29 Jun 2013

  • David Mentré

WE programming idea: opportunistic secure email exchanges

A long time ago, a French computer science magazine proposed programs ideas that ranges from a few hours to a complete WE. Here is an idea to elaborate on, even if it might take a little more than a WE to implement it fully. ;-)

Observation: secure email exchange with OpenPGP or S/MIME does not work

Like many others, I have tried to exchange secured (encrypted and strongly authenticated) emails with friends and other people, in my case in OpenPGP format using GnuPG free software. But, like many others, I have stopped because it simply does not work.

Why? Probably for several reasons:

  • One need to understand at least the basic principles of asymmetric cryptography: public and private keys. It is not that complicated (if you don't go into the fine details ;-) ) but it is probably already too much complicated for the average user;
  • One need to make ones key, load it into email program. If one has several computers, one needs to do this for each one of them. Making the key adds complicated steps. Loading it on each computer is cumbersome.
  • If you want to participate in the "web of trust" (for OpenPGP emails), you need to let your key signed by other people and sign other people keys. Once again, this is very complicated to understand for the average user;
  • Even if you don't want to participate in "web of trust", you need to check the fingerprint of your correspondents to gain strong authentication. Once again, a complicated step to understand and do;
  • Even if you have done all of this and understand it, each time you want to send an email you need to enter the password to unlock your private key. This is annoying.

Regarding S/MIME, you have overall the same complications. It can be a little simpler but as you need a Public Key Infrastructure (PKI), S/MIME usefulness is limited to a single administrative entity managed by trained system administrators, in other words a big company.

A proposal: opportunistic secure email exchange

The basic approach is pretty simple: make a plug-in to some email programs. The first time the plug-in is installed, it automatically creates a public and private key couple for each email address used by the user.

Then, each time a user A sends an email, the public key attached to A's email address is automatically sent with the email. Therefore, if the user communicates with another person B using the same kind of plug-in, the receiver detects that A is capable of using secure emails. At next email from B to A, the plug-in automatically attaches its own public key.

Therefore, after two emails exchanges between A and B, they both have the public key of the other person and thus can both exchange secure emails. When one sends an email, by detecting we have the public key of the correspondent, the email programs would automatically encrypt and sign the email.

Of course, with this scheme, you don't gain strong authentication of the remote party. A man-in-the-middle attack is still possible. But this does not prevent to use another cryptographic protocol to check afterwards that the remote user is really who he is pretending to be, like in ZRTP protocol.

But the danger nowadays is not man-in-the-middle-attack, is it continuous spying on servers like the USA's PRISM program. This opportunistic encryption scheme would allow the average user to use encryption. The emails would be stored encrypted on GMail, Microsoft or Yahoo servers and be in clear only on user's computer.

The WE programming idea

I think you now have understood this WE programming idea: implement such a plug-in doing opportunistic email encryption, e.g. as a Thunderbird plug-in. :-) All the libraries are there, like GnuPG's GnuPG Made Easy library to manage keys, encryption and authentication.

Anybody willing to take the challenge? ;-)