Recently in megagram Category

We use Amazon S3 for data backup for all of our servers.  Each individual server gets its own bucket in S3.  Actually, it gets two (-backups and -chunks).  Apparently there is a limit to the number of buckets you're allowed to have in S3.

So now the last server I added can't be backed up.  Greaaat.

I'm in the process of merging a few junk server backups into a single pair of buckets to see how it works.  If it works well, I'm just going to merge *all* of the servers into a single pair of buckets.  I don't like it, but I'm not sure I have much of a choice.  I don't want to stop using S3 for backup (super cheap, easy, and reliable).

So, I've got several people using SharedPass on a regular basis now.  They seem to be happy with it.  Other than the fact that it isn't prettified yet, it's ready for full use.  Feel free to use it!

You can store your passwords with confidence in SharedPass.  All fields marked "Encrypt" are encrypted and are completely unavailable to anyone, even me.  When you create your account, you choose the level of encryption.  The default setting is more than sufficient, but even the lowest setting is very secure.

I invite you to try it out.  I want to know what you think of it.  If you have feature requests, let me know!  I'd love to enhance it in whatever ways would make it better.

http://sharedpass.com/  (redirects to an SSL'd site, of course)

http://search.cpan.org/~WILSOND/Net-SloppyXMPP/lib/Net/SloppyXMPP.pm

Bug fix.  There was a problem with the chunking and encoding of the payload within the message function.  It wouldn't properly send large messages (many thousand characters).  Should be fixed now.  It works for me anyway.

http://search.cpan.org/~WILSOND/Net-SloppyXMPP/lib/Net/SloppyXMPP.pm

I've updated my Net::SloppyXMPP module.  I added the very necessary features to send messages and to subscribe to incoming messages.  Not very useful without those.

I also fixed a dependency bug that caused the module to die if you specified that you didn't want to use SRV record resolution.

As always, give it a few hours before you start looking for it on the CPAN.

My fancy new password storage and sharing webapp is ready to be tried out.

http://sharedpass.com/ (redirects to an SSL'd site)

I intend to build a desktop app to interface with it at some point, but not today.  I'd also like a Palm app (or whatever phone I end up with when I finally do make it).

The interface is currently a bit ugly.  I'm not going to spend a bunch of time on the interface until I get feedback on the usage of the system.  I want feedback on the UI, too, but mostly the functionality.

You can create new entries as well as delete/remove/edit/share/import/export/revoke entries.  Delete will delete it from the database, including from everyone you've shared it with.  Remove just removes it for you.  When you click the button to do either, it'll tell you what happens.

On each page, there is a username/password form.  You must put in your username/password for each page if you want to perform an action.  Because I treat your password as something that should never be recorded (for security reasons) and the only thing that can unlock your keys is your password (combined with other things), I can't use a standard session management system to keep you logged in.

There is no logout.  There isn't a session to logout of, so there is no need to logout.  Just close the window or tab.  It's always best to close the browser if you want to be most secure, just in case the browser cached a page.

Feel free to use it.  I promise that I have absolutely no access to your passwords.  They're all encrypted (if you check the "encrypted" checkbox on that field) and require your valid login to unlock the key that decrypts the data.  Without your username/password, I can't access it.  Neither can anyone that gets access to the database.

Technically someone could hack the system, record all incoming passwords, and use them to unlock the keys.  Doing that would require that they modify the SharedPass app, which is likely to be noticed.  No promises on that yet.  It's not marketable yet, but it does function.

Let me know if you've used it and your thoughts.  Remember: I didn't intend for it to look nice yet.

Does anyone have the need for a system that allows you to share your passwords with other people?  My company needs to be able to share passwords between staff (website logins, etc).  The best I've found so far is SplashID, but it doesn't really work in Linux and it doesn't properly share passwords in the nice atomic way I need.  So I've started building a webservice that does this.

No, it doesn't store the passwords in plaintext.  Each user has a key (PKI-style).  The passwords are stored in a table.  That row doesn't have the password itself, just a reference to its existance.  Another table has the public-key-encrypted password, one entry per user with such access.  Not even the database admin (me) can see these passwords as they're encrypted with the keys.  The key is decrypted with the user's private key, which is only accessible by them.  When a user shares a password with someone else, the password is decrypted with the private key and then a new entry is created with the password encrypted with the target user's public key.  That entry is attached to the controlling row in the other table.  This allows for modifications to the password as well as all other meta data.  Those modifications will pass through to the other users' entries.

The nice thing about using public/private keys is that you can encrypt items destined for others without being able to decrypt it, properly protecting the data.  Even if someone were to get a full database dump of the system, they wouldn't be able to use it.

I'm planning to make a desktop client as well as a Palm client for this.

Working on LeafBridge pretty much full force these days.  Starting with the Windows version so I can start making money from it.  Will add the Linux and Mac OS X versions shortly after I learn what I did wrong with the first released Windows version.  It'll be greatness.

I had to write my own XMPP library for Perl.  None of the already-existing XMPP libraries would work for LeafBridge.  It has to work on Windows, Linux, and Mac OS X reliably and must be thread-safe.  So I created Net::SloppyXMPP.  It's not finished yet, but it's mostly there.

I've started doing research on writing apps for the Palm OS.  I guess I have to learn C sometime... ugh.  I plan to write a few junk apps for it to learn how to do it.  Eventually, I'll be writing apps specifically for LeafBridge.

Aside from all that, I'm working on the Megagram website.  I've got a few ex-coworkers that are aiding me in it and hope to have something marketable soon.