Team 23 Well, I never saw this coming, but apparently the Michael Jordan brand now extends to Superbike racing. Michael Jordan is now sponsoring Montez Stewart in the AMA Superbike Championship. Perhaps now I can persaude myself to spend my last bit of saved cash on a bike with full Jordan-label leathers.

Bad track record Anyone who has been reading this blog (and we know you're few and far between), knows how random the category of posts can be. So since we've added Google ads to the top of Going Nowhere, it's been interesting to watch what gets selected. Initially it was just other Jabber and blogging related topics because were busy prattling about Gush and other Jabber stuff at the time. However, Wes' "What it really takes to give more than 100%" and my post about Rhode Island threw some kinks into Google's ad oracle. For a while there were ads about hotels in Rhode Island, and now we have this:

It's at this point in time that I would like to emphasize that the above ad most certainly does not reflect our opinions. To prove my point, I'm now going to watch TV.

We need more entropy, Scotty! There was one small problem with the JEP-25 code for producing key sequences: the mechanism for producing the seed is pathetically weak. The length for the sequence is typically 256 in other clients such as Exodus. So if all the sequences were only 256 in length, you would only have to enumerate 256 * 2 ^ 15 hash values to be able to crack the sequence if you're using random.randint(1,2**15) to generate the seed. A better solution would be to use this function for generating the seed.

    def generateCNONCE():
        """http://www.faqs.org/rfcs/rfc2831.html requires at least
           64bits of entropy for the cnonce."""

        # Each character [A-Za-z0-9] character has ~5.95 bits 
        # (log(2) 62) of entropy and so we need a string of at 
        # least 11 characters to have 64bits of entropy. We're 
        # using 128bits of entropy.

        cnonceLength = 22
        
        cnonceList = [None] * cnonceLength
        for i in xrange(cnonceLength):
            randValue = random.randint(0,61)
            if randValue < 26:
                cnonceList[i] = chr(ord('A') + randValue)
            elif randValue < 52:
                cnonceList[i] = chr(ord('a') + randValue - 26)
            else:
                cnonceList[i] = chr(ord('0') + randValue - 52)

        return "".join(cnonceList)

Night Scenes Andy Gray is up to his usual photo-magic with a new set of Tokyo night scenes.

JEP25 and Generators You've got to love Python generators. Generators can make even an amateur programmer like myself look like I know what I'm doing.

, HTTP Polling, allows people behind overly restrictive firewalls to connect to Jabber networks via HTTP. JEP-25 has a smarter, better looking cousin, , but the Jabber.org sages haven't finalized it yet.

Both JEP-25 and JEP-124 require a key generation algorithm to make it difficult for people to hijack a HTTP session.

The formulation for the key sequence algorithm is:

K(n, seed) = Base64Encode(SHA1(K(n - 1, seed))), for n > 0
K(0, seed) = seed, which is client-determined

Python generators makes producing the sequence a breeze:

def JEP25KeyGenerator(sequenceLength):

    kg = createSequenceGenerator(sequenceLength)

    def generatorWrap():
        return kg.next()

    return generatorWrap

def createSequenceGenerator(sequenceLength):

    sequence = generateSequence(sequenceLength)
    while True:
        key = sequence.pop()

        if not sequence:
            sequence = generateSequence(sequenceLength)
            newKey = sequence.pop()

            yield "%s;%s" % (key, newKey)
        else:
            yield key

def generateSequence(sequenceLength):

    seed = random.randint(1,2**15)

    sequence = []
    key = str(seed)

    for i in xrange(sequenceLength):
        key = sha.sha(key).digest().encode('base64').rstrip()
        sequence.append(key)

    return sequence

Instantiating the generator and executing a couple of interations yields:

>>> keyFactory = JEP25KeyGenerator(5)
>>> keyFactory()
'EpEvcNDBlsi7A1g7WN7IM7HGxOs='
>>> keyFactory()
'BMZLLvKUQhHbh81aA36zJEzxpFg='
>>> keyFactory()
'4ONYMRixMwN6NLcKgzCSCTRVcBg='
>>> keyFactory()
'slhQAtISUUXvebLYb5IAb884Q3g='
>>> keyFactory()
'2kuSN7rMzfGcB2DKt67EqDWQELA=;nEz+8Cwjf+7gcKIELGBQBoHb6wE='
>>> keyFactory()
'i12uDskbdkkut6JL5OW1fvcSv98='

On the 5th execution of KeyFactory(), the sequence is exhausted and a new key sequence is introduced. However, the change over to the new key generation is completely transparent to the generator client.

The strings produced be the key generator are suited for constructing the body of the HTTP request:

#sessionID;sequenceKey[; newSequenceKey],[body]
httpBody = sessionID + ";" + keyFactory() + "," + xmlStanza
response = urllib2.urlopen(proxyURL, httpBody)

Beautiful Flash Design The guys at ni9e.com have 6 wonderful typographic animations set to music. Check out the main site for their entire collection.

Thank you Microsoft? The bogus Eolas patent has successfully been nullified by the USPTO. This is probably the first time the trademark office has put any thought into a patent decision, but unfortunately it takes a good deal of time and money to get them to take a second look. Last year the "one man operation", Dr. Mike Doyle, was awarded a $521 million settlement for Microsoft's infringement. No patent is worth that, period. Barring a successful appeal, MS saves some dough, which really means we save, and they don't have to break the web like they wanted. So .. uh thanks Microsoft? No that just doesn't sound right. (via The Register)