Not password, passphrase

For years, people have been warned about using strong passwords and being told that strong passwords have the following characteristics:

  1. Mixed Upper and Lower Case
  2. Special Characters

It goes without saying you should NEVER have a password that might relate to your name or the name of a family member.

But there is a website that will tell you exactly how STRONG (or weak) your password happens to be. The strength of a password is measured in entropy. The higher the entropy, the stronger the password.

So, using the above criteria, how strong are the following passwords?

Password Entropy Comment @1k guess per sec
He1nr1ch$ 39.9 Reasonable Strength. But it’s also my name. 17 years
Fleaswtracenlant 72.8 Strong. But it’s also the name of my ‘A’ School in the Navy. 149.7 BILLION years
Trump_8==> 42.9 Reasonable, and reflects a political opinion. 140 years

Is there a better way? Yes. Use four words that only mean something to you.

Example. Chicken Nuggets Tent Farts

I went camping with a friend of mine. He ate an entire 20 pack of Chicken Nuggets. I slept outside for obvious reasons.

What is the entropy here? 116.4 bits, which is incredibly strong. At a 1,000 guesses a SECOND, it would take 2,634,346,452,833,500,000,000,000 years to guess the password.

That’s 2.6 septillion years.

As a frame of reference, the Big Bang event occurred 14 billion years ago and the last dinosaurs died out 65 million years ago.

XKCD had a comic for this…

Fresh Fedora Install? Do this next…

A while back, I installed Fedora 27 on a Dell laptop. I installed it as a partition, so I could dual boot either Windows 10 or Fedora. After a while, I found myself using only Fedora. So I reformatted the drive (using LVM whole disk encryption) and now it’s a Fedora only machine. If I want Windows, I’ll create a VM image.

Update your install

I know you think, “I just installed this, it must be updated…” Yeah, well…. no.

Do this

sudo dnf upgrade --refresh

The instructions are detailed here

The upgrade will take a while but it’s worth it. After it’s done, a system reboot is a good idea (it couldn’t hurt).

Install GCC and Ruby

Bizarrely, GCC and Ruby are not installed by default. But you can check by typing:

gcc --version

and if you don’t have gcc installed, you will be offered the choice to install it.

bash: gcc: command not found...
Install package 'gcc' to provide command 'gcc'? [N/y]

Say yes.

Now for Ruby.

ruby -v
bash: ruby: command not found...
Install package 'rubypick' to provide command 'ruby'? [N/y]

again, say yes.

That’s all for this installation of “Fun with Fedora”.



Do you Sikuli?

Do you SikuliX? You really should…

What is SikuliX? SikuliX is an GUI automation tool. It’s open source, so it’s everyone’s favorite price… free!

Sikuli supports a variety of languages. To quote the website:

  • Python language level 2.7 (supported by Jython)

  • running RobotFramework text-scripts is supported (see docs)

  • Ruby language level 1.9 and 2.0 (supported by JRuby)

  • JavaScript (supported by the Java Scripting Engine)

… and you can use it in Java programming and programming/scripting with any Java aware programming/scripting language (Jython, JRuby, Scala, Clojure, …).

Can you guess what language, I prefer my SikuliX? If you said Ruby, you’ve been paying attention.

I’ve been using it for app testing and browser based testing as well.

SikuliX can’t be trained to carry buckets of water just yet

Linux Distro of Choice

If you ask 20 people who  use Linux, “what is the best version of Linux?” you will probably get 20 different answers.   If you’re lucky.

There is actually a website dedicated to tracking every distribution of Linux called,  DistroWatch.

Choosing a version of Linux can be daunting, but it ultimately comes down to what are you looking for in an operating system.

I wanted a version of Linux that had the following specifications:

  • Well documented. When everything goes south, I can’t call somebody, so give me a wikipage I can read.
  • Well supported by a community of users. Many distros are “here today, and gone tomorrow”. That means I need to learn the ins and outs of a new system every few years? No thank you, I am busy enough.
  • Works well, easy to use, doesn’t require a lot of maintenance.
  • Regularly updated. I was looking at one variant of Linux, that looks GORGEOUS, but it hasn’t been updated in over a year.
  • Offers a variety of developer tools. This is a minor consideration, as most Linux distros can use all the same tools.

So which Linux ticked all my boxes? Fedora.

Currently at version 27 (as of this writing), I have been using it a few months now and I am very happy with it.

  • It’s very well documented.
  • It has great community support. In fact, the good people at Red Hat Linux sponsor Fedora.
  • Has it’s own “magazine” with regular tips and tricks for users of all levels. I liked the article which showed how to change your boot up window to a Hot Dog.
  • It works great. Try it yourself.
  • It’s regularly updated, and they release a new update every six months or so. Fedora 27 was released Nov 14th, 2017, and Fedora 28 is expected May 1st, 2018. Upgrading is pretty easy.
  • Has all the software tools and toys you could ever want.

Give it try! It’s light years better, faster, and more secure than Windows.

Mr Hot Dog says, "Eat me!"
Mr Hot Dog says, “Eat me!”

Java and JavaScript

I was sitting in a meeting and there was a bit of confusion about whether the specification called for Java or JavaScript.

When I asked about which one it was, I got this amazingly hysterical answer.

“Java or JavaScript? Doesn’t matter, it’s really the same…”


Allow me to clarify, in case you find yourself locked in a room with people who speak only in buzzwords and really have no idea what they are talking about.

Java is a programming language written in 1995 by James Gosling. The dream was that it would be a “write once, run everywhere” language. It runs on a Java Virtual Machine, and it’s hugely popular to teach on college campus.

Also, there are like a billion unemployed Java developers.

Let’s take a look at “Hello World” in Java.

class HelloWorldApp {
    public static void main(String[] args) {
        System.out.println("Hello World!"); // Prints the string to the console.

Classes, Public, Static, void,…. it’s not for the casual relaxing day of coding by the beach.

JavaScript has nothing in common with Java. It is a completely different language with a similar naming.

Programs in JavaScript are called scripts. They need no compilation, you just write a script, append it to HTML-page and it works.

Let’s take a look at “Hello World” in JavaScript.

alert('Hello, World!')

Really simple, and runs in most every browser.

Oh yeah, and they are NOT THE SAME.

Have you read this PDF?

Google-PDF-Image-Result-150x150A friend of mine came to me with interesting situation.

He was a teacher at a school where the student’s email address was their student number + the school server. If you were student number 121, your e-mail address was

You get the idea.

The report cards were in PDF form, and they wanted to mail off the report cards to the students. How were they planning on doing this?

  1. Gather a group of teachers in a conference room with their computers
  2. Give them a thumb drive full of report cards on PDFs
  3. Have the teacher open the PDF file
  4. COPY the student number
  5. Create an email, using the COPIED student number (PASTE and type “”)
  6. Copy from ANOTHER text source the message, “Dear Student, yakkity yak yak. Here is your report card. Read ’em weep. Love, the School”
  7. SEND email
  8. Rinse, lather and repeat
wearing a mask, a cape and armed with mad Ruby skillz, you can save the world (or at least a roomful of teachers)

This looks like a job for RUBY SUPERHERO!

Part One: Reading PDFs.

Like most tough things in Ruby, there is a GEM for that. In the case of parsing PDFs, you need to install the PDF Reader Gem which is located at:

Using this Gem, we can read the PDF and put it into a string format and then extract the data we need.

After installing the GEM, your script will start with

#!/usr/bin/env ruby
require 'pdf-reader'

Part Two: Counting the (Report) Cards

Since we have a folder full of PDFs, we need to read the folder and get a count of the PDF files in the folder.

theCount = Dir.glob('*.pdf').count
puts "there are " + Dir.glob('*.pdf').count + " files to e-mail"

I like to toss in friendly put messages so when things go horribly wrong, you get some indication of where it broke.

Part Three: Iterate thru the folder

Dir.glob('*.pdf') do |rb_pdf|

# lots of Ruby Magic! 


This nifty line says, “Read the directory, looking ONLY at files that end in .pdf and call the elements “rb_pdf”. As you go thru the elements one by one, do stuff to them.

The stuff part is coming.

Part Four: Read the file!

reader =

This is where the GEM pdf-reader comes in. It will read the file element “rb_pdf” and creates an object called “reader”.

Object “reader” has a number of elements, but we are most interested in the text of the object.

longString = page.text

Now that the ENTIRE report card is a string, we just need to find the student number in that string data so we can generate the email address.

But wait, how to find the number in that haystack of data?

Part Five: Oh yeah, it’s REGEX time!

Regular Expressions, or regex, is a great way to find most anything in an ocean of data, but it has a brutal learning curve and it’s very unforgiving to newbies. There are lots of great resources and tools online to help you with Regex, I suggest you use them.

I know the student number is the only 6 digit number in the PDF so I’ll look for that.

studentNumber = longString[/\b\d{6}\b/] 
#returns the six digit number for emailing
eMailTarget = studentNumber + ''

Part Six: Mailing ain’t easy
So, you test the code and it all works great… but how to mail?

This was the hardest part, and your milage may vary depending on the mail server configuration where you are.

You might need to install the mail Gem, depending on where you are.

require 'mail'  # ruby mail library.
require 'openssl' #sometimes, Outlook just makes you crazy...
#Sending via Outlook

    Mail.defaults do
      delivery_method :smtp, { 
                               :address              => '',
                               :port                 => 587,
                               :domain               => '',
                               :user_name            => 'theSchool/poorTeacher',
                               :password             => 'summerVacation',
                               :authentication       => :login,
                                :enable_starttls_auto => true,
                                :openssl_verify_mode => OpenSSL::SSL::VERIFY_NONE  
    # send test message
    Mail.deliver do
        from    ''
        to      eMailTarget
        subject 'Report Card'
        body    'Congratulations on getting a report card'
        add_file :filename =>  rb_pdf
    puts "mailed to " + eMailTarget  
    # end of mailer part

So what have we learned?

  • If you are doing the same thing 10 or 20 times over, it means a script should be doing it.
  • You can read pdfs using a Ruby Gem.
  • Regex is wicked powerful and can be wicked hard to figure out.
  • Outlook can drive you crazy if you are trying to automate something.

Updating MacOS X to Ruby 2.0

ruby2MacOS X comes with ruby by default. It’s great, but what if you want to join the cutting edge and use Ruby 2.0 and Rails 4 like all the cool kids?

First, let’s look at which version we have installed.

Heinrichs-iMac:~ hbeck$ ruby -v
ruby 1.8.7 (2012-02-08 patchlevel 358) [universal-darwin12.0]

I like things simple, so let’s find a simple way to update this.


Fortunately there is a simple package manager called “Homebrew” which makes life very easy. I like easy.

Installing it takes one line in the terminal:

Heinrichs-iMac:~ hbeck$ ruby -e "$(curl -fsSL"

After you install, pay attention to the instructions. You may need to run a command to update it, which you should do.


Some people prefer to manage their versions of Ruby using RVM. I prefer to use rbenv. It’s simpler and lightweight. The documentation for rbenv is here.

Heinrichs-iMac:~ hbeck$ 
brew update
brew install rbenv
brew install ruby-build
brew install openssl  #this part might be optional, if it is, you will get a notice saying, "already installed"
CONFIGURE_OPTS=--with-openssl-dir=`brew --prefix openssl` rbenv install 2.0.0-preview1

the last command will take a while to run.

When it finishes, you can run this command to see WHICH versions of ruby are installed

Heinrichs-iMac:~ hbeck$ rbenv versions
* system (set by /Users/hbeck/.rbenv/version)

So the asterisk shows that there is a system ruby (which we already is know 1.8.7) and a cool hotrod 2.0.0-preview1 available.

Since we installed rbenv, we need to tell our $PATH profile to use the settings from rbenv and then “restart” the shell to use the new settings

Heinrichs-iMac:~ hbeck$ echo 'eval "$(rbenv init -)"' &gt;&gt; ~/.bash_profile
Heinrichs-iMac:~ hbeck$ exec $SHELL -l

Let’s make that hotrod switch! You will need to CAREFULLY type the name of the version, so watch that you get all the characters correct.

Heinrichs-iMac:~ hbeck$ rbenv local 2.0.0-preview1

So let’s verify that we have the correct version.

Heinrichs-iMac:~ hbeck$ ruby -v
ruby 2.0.0dev (2012-11-01 trunk 37411) [x86_64-darwin12.4.0]

Google Latitude is set to zero

I like Google Latitude.

My friends and I share where we are and we can all see each other on a map.

I was always disappointed that there wasn’t a Google Latitude app for the iPad once I got my iPad mini.

I considered building one myself, but was busy with other projects.

Then this:

Earlier today, we announced that Google Latitude is no longer part of the Google Maps app, and we’re retiring Latitude on August 9, 2013.
This means that after August 9, your Latitude friends list will be deleted and you’ll lose the ability to share your location with them. There will also be some changes to Location Reporting and Location History, including changes to third-party applications that use Google Latitude. Please see our FAQs for more information.
We understand some of you still want to see your friends and family on a map, which is why we’ve added location sharing to Google+ for Android (coming soon to iOS).
Thank you for using Google Latitude.
Sincerely,The Google Latitude Team


A hearty “screw you” for the people who really like the app and the developers who use it for all kinds of things.

There is a more in-depth article over at about the politics behind this and all those effected.


Update: It seems that if you go to Google+ and choose “Locations”, you can see yourself and your friends who shared their location with you. I like having it in Maps more, but at least it is something.


just trying to find the answer…