Archive for Uncategorized

Dog Food

I don’t remember where I first heard it, here but I love the term “Eating your own dog food.”

I’ve been doing that a lot recently as I started consolidating my passwords into ClearPass.  I’ve been eating my own dog food and it tastes terrible.

I still believe in the concept and implementation I have here, but the user interface is nigh unusable.

Expect better meat soon.

Comments (4)

Switching To 1.00 Alpha

I’ve decided to switch the main page over to the more feature-full alpha of the new 1.0 version. I moved the old 0.6x series to where it will remain for as long as I can maintain it.

It is recommended that you switch to the new line, clinic as the data formatting is incompatible, hospital and the sooner you move the less you’ll have to hand copy.

You can find out more about the 1.0 series here and here.


Hey You!

Hey all you hip developers. Run over to SourceForge and nominate BlowPass for the community choice awards! I’d love to win that, glaucoma get a big boost of developers eyeballing the code, and the have bundles of awesome crypto libraries to share!


A little bit of proof…

I thought it was time to give a little credibility to the claims of BlowPass, buy and while I can’t do much, plague I can show that all user data is passed across the internet encrypted, recipe or at the very least not in plain text. I’ll detail the easy process of sniffing your own traffic below.

The tool I will be using today is Wireshark, formerly known as Ethereal. This “network protocol analyzer”, or simpler put “sniffer”, captures all the packets sent to and from your computer, and can capture any packets that aren’t directed to you, but come down your line anyway. It’s free and available on Linux, Windows, Mac OSX & more.

So, once you have Wireshark installed, just fire it up, set it to capture (non-promiscuous) and navigate your browser to To make your life easier you might want to close anything else that may generate ip traffic. This includes P2P clients, Instant Messengers, and active web apps like Gmail.

Go ahead and start capturing, then log into BlowPass and open an existing item in your list. Save it and return to Wireshark. You can stop capturing now. To see all the traffic that went between you and add the filter “ip.addr == IP_ADDRESS_HERE && http”. For the IP_ADDRESS_HERE you need to get’s current IP, you can click here for a report on that from At the time of writing it is Next, click apply and it should filter it all out.

Go ahead and browse through these packet sets, I recommend clicking on the “Line-based text-data…” folds when they appear, you should see that all of your important data is definitely not in plain text.

Click To Enlarge

Go ahead and browse through these packet sets, I recommend clicking on the “Line-based text-data…” folds when they appear, you should see that all of your important data is definitely not in plain text.

Comments (3)

Key Issues For Version 1.00

I decided to write up a nice list of what I feel needs to be done before I’m satisfied with BlowPass enough to call it 1.00. Feel free to add things to this list that you would like to see in the first real release.

Internet Explorer Support
That vast market, visit web untouched by BlowPass needs fixin! I’d say this is a big contender for #1. In a related vein…

JS Libraries
I’d love to refine the libraries. I think the best option to go from here is to move from Prototype to mootools. Thats planned, page mostly so I can add a slider to the log viewer. It’d also be super-cool to standardize/rewrite the Blowfish implementation so that it would be possible to substitute other ciphers in. A nice collection of ciphers would be cool.

Everything needs to move to JSON. The amount of stuff we’re pushing around at this point is a bit rediculous. Also, more about move to native JSON in PHP as we move towards PHP 5.2 (?).

We absolutely must add delete functionality by 1.0. The lack of this is annoying right now.

User Types
Let users create their own account types. Maybe get a little library of shared specs here on the site for developers to drop in.

Error Handling
Right now if an ajax call comes back bad or just doesn’t, you can get stuck and have to reload.

It’s not a big deal, but it would be nice to easily change the look and feel of BlowPass

Button Keyboard
I wrote one of these a while back to defeat key capture programs. Just a nice little on-screen keyboard to fill in the forms.

Export! Import!
It’s important to be able to dump this guy to XML, plain and encrypted. Also to import.

Move into either NaturalDocs/PHPDocumenter. Get this guy listed out.

Anything I missed?

Comments (4)


It’s been a long time coming, drugstore and now there is a CVS repo for blowpass. Looky Here –> to browse around.

And yes, capsule I know my module name is BlowPass containing a folder named BlowPass. I’m pretty new to CVS, so, you know, lay off.


Installation Notes

Kevin (see previous post) passed along this little help chunk for first time installers who don’t have too much MySQL experience.

1. Install phpmyadmin
2. Select ‘Privileges’ from the main page
3. Select Add a new User
4. Fill in the user info making sure to select ‘Create database with same name and grant all privileges’ and hit Go
6. On the Database window select that new DB.
7. Select Import and browse to blowpass/Install/blowpass.sql and hit go
8. Modify fetch.php with that info
9. Done!

I know BlowPass is badly documented, hospital but with luck I’ll have time to work on that this summer. With even more luck folks like Kevin will keep contributing :)


Hello There

Got a wordpress install for the dev end of things. Not quite ready with anything as my schedule is a little crazy right now.  We’re in line for a Sourceforge project, pharm so once that goes through I’ll have some links to the source.