Smoky Cogs

I have finally started uploading apps to the Android app store. The three apps I previously wrote about (Scientific Name Search, Plasmatic and Dutch Public Holidays) are uploaded to the app store, as well as a few apps I created based on a version of my astronomical library ported to Java.

The crowning glory of these astronomical apps I have uploaded to the app store is Night Sky Tools (http://play.google.com/store/apps/details?id=com.smeunier.nightskytools).

The features included in the app are:

• Angular separation
• Astronomical Time
• Atmospheric refraction
• Coordinate convertor
• Eclipses
• Magnitude
• Precession
• Conjunctions and Oppositions
• Ephemerides of the planets, sun and moon
• Equinoxes
• Positions of Jupiter’s moons
• Planetary orbits
• Constellations
• Stellar Classification
• Telescope Airy Disc
• Telescope F-Ratio
• Telescope Magnification

Go ahead and check out the app.

Spirals are a relatively easy shape to draw, but in order to draw a good spiral we need a bit of simple trigonometry.

The basics of the spiral are the radius of a particular point from the origin, at a particular angle, and for the code below, the radius increases as the angle increases. The exact relation between angle and radius determines the type of spiral.

In the simplest case, the radius will increase linearly with the angle, thus
Radius = Angle * ScalingFactor

We can also use quadratic or cubic equations to define the realtionship
Radius = Angle² * ScalingFactor
Radius = Angle³ * ScalingFactor

The most interesting spiral, however, is the exponential spiral, which is found in nature most famously in the nautilus shell.
Radius = Angle^e * ScalingFactor

Now that you can determine the relationship between radius and angle, it is a simple matter to draw the spiral.

Starting at the origin, with angle 0, we need to increment the angle by a certain amount – in the code below by 0.5 degrees per iteration – and then calculate the radius, and then using the radius and the angle, we are able to calculate the x and y coordinates of the point by using simple trigonometry, since sin(angle) = y/r and cos(angle) = x/r.

Now after finding the coordinates of the point, we simply need to draw a line segment from our previous point to the new point. The smaller the angle increment, the smoother the curve which is drawn will be, but it also means that more points need to be calculated to draw the same curve, which consumes more processing time.

One good way of speeding up the calcution of the curve, is to use a lookup table for the cos and sin values instead of calculating them with each iteration, but that is a topic for another post.

      public void drawSpiral(double scale, double delta, double revolutions, int centreX, int centreY, SpiralType spiralType, int width, int height, Color color, Graphics g)
      {
         Pen p = new Pen(Color.Blue, 1);

         double prevX = centreX;
         double prevY = centreY;
         double X = centreX;
         double Y = centreY;
         double theta = 0;
         double radius = 0;

         while (theta <= (revolutions * 360))
         {
            theta += delta;
            if (spiralType == SpiralType.Linear)
            {
               radius = theta * scale;
            }
            else if (spiralType == SpiralType.Quadratic)
            {
               radius = theta * theta * scale;
            }
            else if (spiralType == SpiralType.Cubic)
            {
               radius = theta * theta * theta * scale;
            }
            else if (spiralType == SpiralType.Exponential)
            {
               radius = (Math.Pow(theta / 180 * Math.PI, Math.E)) * scale;
            }

            prevX = X;
            prevY = Y;
            X = (radius * Math.Cos(theta / 180 * Math.PI)) + centreX;
            Y = (radius * Math.Sin(theta / 180 * Math.PI)) + centreY;
            g.DrawLine(p, (float)prevX, (float)prevY, (float)X, (float)Y);
         }

      }

      public enum SpiralType
      {
         Linear,
         Quadratic,
         Cubic,
         Exponential
      }

Recently I decided to experiment a bit more with developing Android applications. I had played around with Android a rather long while ago, creating two rather simple apps – Dutch Public Holidays and Plasmatic, but decided to look at it again.

I have improved upon my two previous apps, making them much more useful, and created a third app, using webservices to look up animal and plant scientific names.

Thanks to the thousands of Android tutorials littering the web, it is not hard at all to get started in Android development, and the integrated Eclipse/Android SDK makes for a very pleasurable development environment.

Since there is nothing that can’t be found in other tutorials in the applications, I won’t list the code for the apps themselves, but you can download the source code for the apps from the links below.

Dutch Public Holidays
This was the first app I wrote, and is rather very simple in construction. It merely shows a list of public holidays for the Netherlands for a particular year.
Installer – Source

Plasmatic
I ported some code from my C# fractal library I had written a while back to Java to draw plasma fractals. The application generates a plasma fractal based on a set of preferences, and is able to save the generated images to a file on the mobile device.
Installer – Source

Scientific Name Search
This app makes use of a webservice provided by www.itis.gov to search for information such as the scientific name and taxonimic classification of plants and animals.
Installer – Source

Much to my shame, I first came across a feature of web-browsers that had been developed way back in 2001 – the bookmarklet.

What a bookmarklet is, is a regular browser bookmark that has a piece of javascript for its address instead of the usual url, by using the javascript: prefix instead of the usual http: or http:. I had known for a long time that the address bar of most browsers support this, but did not even think that this functionality extended to bookmarks.

What this means though, is that you are able to insert almost any imaginable script into a bookmark.

Here is an example, which I found on the Wikipedia page on bookmarklets, which opens up the relevant Wikipedia article based on the selected text within your current document, which can be a great timesaver.

javascript:function se(d) {return d.selection ? d.selection.createRange().text : d.getSelection()} s = se(document); for (i=0; i<frames.length && !s; i++) s = se(frames[i].document); if (!s || s=='') s = prompt('Enter%20search%20terms%20for%20Wikipedia',''); open('http://en.wikipedia.org' + (s ? '/w/index.php?title=Special:Search&search=' + encodeURIComponent(s) : '')).focus();

I was playing around with some code recently, and came across a very easy way to create a city lookup field using jQuery’s UI components and a very useful webservice provided by Geonames.

How the autocomplete functionality in jQuery works, is by wrapping the functionality around a standard html text input field, populating a dropdown list of values from an ajax call to a webservice, in this case, the Geonames webservice.

When supplied with a partial city name, the GeoNames webservice returns back a list of information for cities matching the partial city name supplied, allowing you to display, and keep track of, the country, province, full city name, and a host of other info. Full documentation is provided on the GeoNames site.

$( "#city" ).autocomplete({
  source: function( request, response ) {
    $.ajax({
      url: "http://ws.geonames.org/searchJSON",
      dataType: "jsonp",
      data: {
        featureClass: "P",
        style: "full",
        maxRows: 12,
        name_startsWith: request.term
      },
      success: function( data ) {
        //Display city name, state name, country name
        response( $.map( data.geonames, function( item ) {
          return {
            label: item.name + (item.adminName1 ? ", " + item.adminName1 : "") + ", " + item.countryName,
            value: item.name + (item.adminName1 ? ", " + item.adminName1 : "") + ", " + item.countryName
          }
        }));
      }
    });
  },
  minLength: 2,
  select: function( event, ui ) {
    $('#city').val(ui.item.value);
    return false;
  }
});

Last week, as by know, no doubt, you have probably read, LinkedIn had a security breach, with 6.5 million passwords being stolen. It has caused a lot of people to argue back and forth that they didn’t implement good enough security measures and should have done things differently, such as using a salted SHA-1 hashing algorithm instead of an unsalted hash as they had used.

However, I found a really interesting interview with Thomas H Ptacek on the Krebson Security news site.

Ptacek maintains that no matter whether they had used salted or unsalted SHA-1 encryption, or even SHA-512 encryption, it would not have mattered. The problem lies not with how secure the hashing is, but rather how quickly the hash is calculated, making brute force attacks possible.

Ptacek goes on to explain how these cryptographic hashing techniques are designed to be as fast as possible, allowing many millions of attempts to crack the passwords in a reasonable amount of time, which is exactly what happened when the hashes of the LinkedIn passwords were stolen.

The solution that should have been using is password hashing. The key difference with password hashing is that it takes a lot longer – from milliseconds to a second or more – to hash the password (or any other value passed to it), which makes a brute force attack such as those that would work on a normal cryptographic hash virtually impossible. One common way of accomplishing this is to simply apply a cryptographic hash repeatedly, say a thousand times, on the value. With no increase in development cost, and with only a slight increase in server load for logging in users, it is possible to eliminate the threat of brute force attacks on password hashes.

So, why wasn’t it implemented this way in the first place then? Well, simply, most programmers do not know about it, myself included. The vast majority of programmers spend very little time analysing hashing techniques, relying instead on accepted practices to provide guidelines as to how to implement security.

As an example of this, 2 days ago, I wrote (and passed) the Microsoft Certified Technical Specialist module Accessing Data with .NET 4, which covers just about everything you need to know about manipulating data with .NET. There is a section in the module specifically covering how to protect passwords in a database, with the recommendations of the book being that you should use salted SHA-1 hashing, or if you want better security SHA-512. Nowhere in the book is any mention made of password hashing techniques such as discussed by Ptacek in the interview mentioned above.

Therefore, is it any wonder that most programmers are oblivious to the dangers when even official sources fail to mention the best way to protect your data, instead of methods that have time and again proven to be relatively easy to compromise.

One of the most frustrating things about JavaScript is being able to determine what events are being fired for a particular element, especially in a complex web application where a single element might have several different functions attached to a particular event.

Well, jQuery comes to the rescue.

jQuery has a very useful, and rather unknown, method to return all the events attached to an element, which is particularly useful when used in the web browser’s console while debugging a web page.

All this needs is one single line of code, and hey presto!

$(element).data('events');