February 25th, 2011 | Categories: News, Rant, Security | Tags: , , , , , , , , ,

Found the below on anonnews.org (here's a reddit). As a proponent of public key cryptography, I whole-heartedly agree. If the groups used cryptographically secure signatures on their publications, anonymous would no longer be at risk of having members jump to fight in fabricated battles. This would do away with the potential for the Anonymous Hoax that seems so easy to create at the moment.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Anonymous,

Every time the core group puts out a press release or replaces website content with a message to the owners, it does so in the form of an image. I've been musing on the idea that internally these images must have a deeper purpose than simply acting as a style standard--maybe they have some steganographic messages hidden in the pixels to communicate within the inner circle. Maybe somewhere embedded is a forgery-proof watermark or a signature (beyond the famed logo)... but I haven't found anything (not that I've looked too terribly closely) and I'm starting to wonder if it's because nothing is there.

It's obvious at this stage that their is a 'usual' press release team, no matter the ethereal, leaderless form in which anonymous supposedly exists--and I doubt it's the only group acting as a team within anonymous. So here's my suggestion:

Individual groups within Anonymous adopt a standard for communication that involves setting up a GPG encryption key (http://www.gnupg.org/documentation/howtos.en.html) for the faction and then using that key to sign whatever image/message are published by that faction. This is really what Public-Key Cryptography (https://secure.wikimedia.org/wikipedia/en/wiki/Public-key_cryptography) was created for--a public key that anyone in the public can use to verify message origin authenticity, with a secret key, physically protected by the owner (or owners).

If the core group wants to exist in a form that it can be 'in charge' of press releases and going on air on the David Parkman show and the like to verbally combat the rantings of lunatics, it would be great to create a public key for the group so the next time someone claims to have received a message from anonymous, that group can say, "Show me the signature? Does it verify against our public key? No? Then we didn't sent it. Because we have a standard."

This would also help anyone interested in following different factions in identifying which faction put out which message. If you find that there is an anonymous faction (or even a third party group like the WBC, FBI, etc) acting out against the core values of anonymous or pretending to be a member of an influential group, you can be sure that their messages are not mistaken as coming from any of the groups who accept the GPG signing standard.

Granted, it should be advised that holding a private encryption key belonging to a faction acts as physical proof that you are a member of that faction (in the event that your equipment is seized or accessed by an opposing force)--so this key needs to be treated with the utmost security in mind.

You'll note that this message is signed by zombies@anonnews.org, which has a public key published for anyone to use to verify that this message was sent by the Anonymous Zombies faction: http://pgp.mit.edu:11371/pks/lookup?search=zombies%40anonnews.org&op=index (forgive us Sven/anonnews.org--but your domain just seemed the most apropos for using as our identification source since you are the closest thing we know to an official anonymous domain besides 4chan, LOL).

You are Anonymous
You are Legion
You do not Forgive
You do not Forget
I Expect you... to cryptographically sign your messages
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)

iEYEARECAAYFAk1oUigACgkQNoGgcrl7L2iwggCgjJ1JiZq17Tqz1R7Xs94ctyOi
UHUAoN25E+kLYGgfGTnHnECAwBCAh2+f
=LxmL
-----END PGP SIGNATURE-----

January 29th, 2011 | Categories: JavaScript, jQuery, Web Development | Tags: , , , , , , ,

Don't ask me why, but I needed a way to explode some stars in a fancy animation on a page. At first I found Fireworks.js, which was kinda cool at first--but I quickly realized a few things:

1. It's using raw javascript, which is a pity if you are already loading the power of jquery and jquery.ui
2. It wasn't what I really wanted. I wanted STARS!

So, I bring you, jquery.imgExplosion:

Although, the default implementation uses a star graphic I whipped up in Illustrator:

You can still attach the plugin to any image--either on the page or not. Soccer balls? Severed heads? I don't care what you do with it but FORK the code if you've got improvement ideas.
Check out the Demos Page for examples.

Download/Fork on Github

https://github.com/atomantic/jquery.imgExplosion

Demos

http://atomantic.github.com/jquery.imgExplosion/

October 22nd, 2010 | Categories: JavaScript, jQuery, Web Development | Tags: , , , , , , ,

I'm working on a project that required some apparently previously unexpected UI controls. One of them, I decided should be made into a jQuery plugin and get some feedback from the community. I call it jquery.codeassist.

OK... so what the hell does it do?

The plugin creates a code assist menu within textarea and input fields, which allows users to select from a list of suggested values. This effect is triggered by the entry of a key character such as %, $ or [

So far, only %, $ and [ (with an optional closing key of ]) are supported--though, with some tweaks, I know I can get it to accept any input.

OK... but really, what the hell does it do?

It was built for the purpose of allowing users to enter dynamically replaceable code bits into textareas and input fields. A use case example would be if you are allowing users to create a page template or message template that will need to be filtered for the audience or some other situation involving different values for different pieces of data at a time. A user can enter in the code bits, which you can replace behind the scenes in the template.

OK... so is there a real world example?

Since the impetus for this plugin comes from a proprietary and as of yet unseen stealthy startup, I'm not at liberty to show the awesome reason why I found it necessary to create this plugin. But here's a totally crappy and simple demo so you can see what the hell I'm actually talking about:
Crappy, Simple Demo

And you can download, fork and whatnot on github:
Source on GitHub

Issues I had with the implementation

Mouse position

The thing that is bugging me most at the moment is that I wanted the menu to appear where the mouse is. Simple enough, right? Just take a look at the triggered event pageX and pageY, right? Well, that would work if I was attaching to a mouse event--but the trigger for the menu is a key event, which doesn't care about the position of the mouse. So to get around this, I've got a listener that's caching the mouse coordinates so we can look at it when we need to:

// this is stupid but I can't find a better way to get the current mouse position
// since the key events don't contain the pageX and pageY 
// so following it arround and caching the position :(
$(document).mousemove(function(e){
	codeassist.pageX = e.pageX;
	codeassist.pageY = e.pageY;
});

I am genuinely annoyed about this.

Cursor position

For sane browsers, you can simply access element.selectionStart to get the index that the cursor is positioned within the text. However, for IE, you have to hack up a nasty solution:

... // up here, we've defined el as the input, v as the current value of the input, and t = $(this), etc..
var before = ''; // text before cursor
if (el.selectionStart!==undefined){ // sane browser
	before = v.substring(0,el.selectionStart);
}else{ // IE
	t.focus();
	var range = document.selection.createRange();
	range.moveStart ('character', -v.length);
	before = v.substring(0,range.text.length);
}