Back in college, I managed to finish my final project in less than two weeks leaving me plenty of free time. Once my friends found out about this, they started knocking at my door, desperate for help with their own projects (okay, a bit dramatic, but you get the idea!). Intrigued with the opportunity to learn about many unknown, scientifically-unique projects, I officially opened a workshop in my house. 

I helped both in technical things (re: code) as well as report writing. Disclaimer: as far as I understood, I didn’t cross any ethical lines as most of the time I’d guide them with suggestions, sometimes contribute a bit of code, but never do everything for them, and foremost I made sure my friend understood what they created & wrote. This was a labor of friendship, not profit—my “payment” was often cakes or, more commonly, a mandatory FIFA match as part of the consultation deal. One of the most interesting projects is my wife’s (then girlfriend), which is to build a search engine for Quran verses, but the queries and the verses need to be normalized with Indonesian-spelling first. Made with PHP 6 years ago together with my wife, now, I have decided to re-write it into Python as this is my most starred (re: 2 stars) GitHub repo yet!

Continue read

Imagine you’re trying to log in to your mobile app. You enter your password, but instead of being let in right away, you get a message saying, “Please enter the code we just sent to your phone number.” That code is an example of a One-Time Password, or OTP. It’s like a secret handshake that only you and your mobile app know at that moment, making sure it’s really you trying to access your account. In a world where security is more important than ever, OTPs have become the go-to method for keeping our digital lives safe, one code at a time.

In my bachelor’s thesis, I researched virtual passwords which will generate a random password by taking the user’s initial password as its seed, converting each character into 1-2 random alphanumeric characters, and using the converted password to validate the user’s login password. This converted password will be re-randomised again on each login attempt and thus generates a dynamic password during the login process. While the concepts of my past research are similar, I want to demystify the world’s most popular factor in MFA: OTP. In the process, I also fixed a minor bug in a Python library: PyOTP, which allows users to use a non-proper hashing function that will trigger IndexError on OTP generation.

Continue read

Ever wondered how to pull together a VM inventory when you've got a bunch of VMs? I’ve found myself asking this question a few times, so I decided to check out a few tools that might help. This post is the first in a series where I'll dive into different ways to gather basic VM info, like hostname and OS version. In this first post, I will use Paramiko library in Python application and see how I can use this to solve my problem. In the exploration, I will deploy 3 VMs in a cloud environment, which consists of one main server and two client servers.

Continue read