Mobile One-Time-Passwords in Ruby

I recently came across the Mobile One-Time-Passwords project, which aims to make a free, secure alternative to commercial two-factor authentication systems (like SecurID). The thinking is pretty simple: virtually everybody now carries a mobile phone capable of running basic applications, so there’s no reason that such an application couldn’t provide the processing power to generate one-time-passwords based on a shared secret, a PIN number known only to the authenticating party and to the server, and the current date and time stamp.
Great! But it turns out that despite there being libraries to produce server-side implementations of the technology in PHP, Perl, and C, nobody had yet bothered to write one in that most marvelous of programming languages, Ruby.

Well, now I have. So if anybody’s got the urge to add one-time-password based security to their Rails or Sinatra app, or would like to write an MOTP client for their Ruby-capable smartphone: well, now you can.

Off To Norfolk!

Claire and I are leaving Aberystwyth for Norfolk! Off to spend Christmas with her folks before heading up to Preston on Boxing Day to be with my family.

Have barely begun wrapping presents. For that matter, I still haven’t had delivered my mum’s present. Or one of Claire’s. Damned freaky postmen. Or something.

In any case, I’ll be in and out of internet access (well, technically, I’ve now put my Psion 5mx back into active service, which, combined with my funky GPRS mobile phone, puts me online ‘everywhere’, but hey: I think I’ve downloaded a telnet client so wherever I go I *theoretically* have e-mail access… we’ll see).

I’ll drop a blog entry or two while I’m gone.

In the meantime: Merry Christmas, y’all.

Justification Of What You All Already Thought About My Sanity, And About Orange’s Competence

As I promised a few days ago, I called Orange today to complain that I hadn’t ever received the two messages for which I’ve had the cost refunded. The first couple of people said that there was nothing that they could do, but a lot of harassment and a few calls later, and I persuaded them to send me the latter of the two messages, which is apparently a Christmas greeting.

A few minutes later, my phone beeped to let me know that a new message had been received. A new multimedia message. The body of which was as follows:

You
have received a Multimedia Message, which your handset unfortunately
cannot support. Please refer to the accompanying text message and follow
the instructions to view the message from the web.

WTF???

Did I miss something here?

  1. Orange send me a message to apologise for having charged me for receiving some messages from them, and give me a refund, even though I never received said messages. Can’t find any mention of them on my bill, either.
  2. I complain at length to Orange that I never received the messages that I wasn’t billed for (I don’t mention that I don’t seem to have paid – they might take the refund back out of my next bill or something), and they promise to re-send it.
  3. The message arrives on my multi-media phone – the phone that they know I have and apparently already sent this message to, once, but it’s in a format that my phone can’t understand.
  4. There is no accompanying text message.

Shall I ring them up and complain again?

Orange Gives Me 80p For No Apparent Reason

Today, Orange sent me a text message apologising for charging me for two picture messages earlier this year, and have apparently credited me 80p as a gesture of compensation. The Register reports that this has happened to others, too, but I can’t help but feel that Orange’s mistake is even larger than they thought it was – I never received these picture messages in the first place!

I’m tempted to call them and complain that I didn’t ever receive the two picture messages for which I’m having my money refunded, but as I’m not even sure that I was charged for them, either (can’t see it on my bill), I’ll probably lose me free 80p if I do. Decisions, decisions.

In other news, comment-heavy discussion on the difference between Christianity and Islam on Alec’s LiveJournal [link updated to use Web Archive, which still holds a copy]. Take a look.