Google+

Setting up Google Two Factor authentication

My daughter was recently asking me what classes she should take for next year, one of the options was Creative Writing. I told her the choice was easy, Creative Writing, "You can never be too good of a writer". Similarly for the Internet, you can never be too secure.

There are LOTS of horror stories out about people who have had their lives severely impacted by people getting access to their account information. Last year, Matt Honan wrote a cautionary tale about how easily someone was able to take over his digital life for Wired. It is well worth reading. If that one was not enough, then you can read another account from James Fallows wrote for the Atlantic.

First off, you should be doing basic things. Do NOT use the same password for all sites. DO NOT have passwords that exist in the dictionary. DO have special characters, numbers and mixed case in your passwords. That is just plain, Internet common sense though.

The reality though is, your password is only so good. What everyone should do is setup two factor authentication. Two factor authentication is really "something you know" (your password) and "something you have", an object like a phone. For enterprise users, this is old hat. The vast majority of large companies require users to have a SecurID card to get access to their network. The card generates a token that changes on a regular internal (60 seconds for example) that user needs to enter when logging in.

However, in the consumer space, this has been much slower in coming. Several years ago Google introduced two factor authentication. Facebook also has the ability for you to enable a variation of two factor authentication. If the browser is not recognized as one you have used before, it will send a SMS to your phone. Twitter is in the process of enabling two factor authentication after 250,000 user accounts were compromised. Microsoft has SOME variation of it. It will occasionally prompt you with a verification code when making account changes or accessing the device from a non-trusted PC. It is however, not a default option for login, and I have never been able to figure out how it decides to send SMS messages. Microsoft really needs to have this option available for those who want it.

We are going to step three enabling Google's two factor authentication, since so many folks have Google accounts.

To enable Google's two factor authentication, first, go to your Google Account and click security and find 2-step verification.

For 2-step verification, change the settings form Off to On.

You will then be prompted for a phone number to use for SMS messages. The phone, along with the accompanying verification code, is the second factor of authentication, it is the thing you have. Type in the mobile phone number

Enter in your phone number and a verification code will be sent to your mobile device. You will then be asked to verify the code

You will then be asked if you want to trust the computer you are on. This will allow you to log in without being prompted with a code very time. This trust usually lasts 30 days.

And then lastly, click confirm

Now, each time you log into your Google account from a non trusted computer, a SMS message will be sent to your phone that will need to enter.

Now, this is a bit cumbersome, I grant you. However, it is almost necessary if you are using Google services for anything remotely important to your non-digital world. Do you have bank account information in Gmail? Then turn on two factor authentication. Do you have send yourself passwords in Gmail? Then turn on two factor authentication. Do you have health information in Gmail? Then turn on two factor authentication. Do you use your Google account as your account name for anything important? Then turn on two factor authentication.

There are a couple of things to realize. You NEED your cell phone to log into Google services now. If you do not have your cell phone with you, or you are travelling overseas without phone access, then you will not be able to log in to your account. However, Google has several options for you. First, for those on the Android platform they have an app called Google Authenticator that will generate the authentication codes for you. Option the second is you can print out a small piece of paper that has a one time, ten digit codes that you can use to get access.

Second, applications that log into Google services to get access to your mail or contacts via POP or IMAP will no longer work. To work around this, Google allows you to create application specific passwords. These passwords are generated on the screen and then you never see them again. There are steps on how to do this at http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833. For those using Outlook, Apple Mail, accessing email via phone, this will need to be done. Those of you paying attention at home will realize you are really back to a single password. While this is true, you cannot get access to your account via web browsers. Second, and more importantly, you cannot manage your account with it. You can also revoke access to anyone of these passwords at any time.

Last, it is good measure to, in Google, Facebook, Twitter, your Microsoft account, anything account you allow to do authorization at other locations, to review what applications you have authorized. So while you are on your account page, review the Connected applications and sites to see who you have authorized to have access, and what level of access to your Google account data.

Personally, I have a Gmail account that I use for my "public" life. It is the address I sign up for things like Facebook with, the email address I use for accessing services I subscribe to, like Netflix, etc. For personal use, I also have a Google Apps domain that I use for personal email with family and friends. Google Apps also support two factor authentication.

As digital identity becomes more and more integrated into daily lives, it is everyone's responsibility to ensure they can be secure as possible. Take the steps now where you can, because by the time you should have taken the steps, it will be too late.


 

Have Your Pi and Eat it Too: A Comparison of C# and C++ Performance

In honor of National Pi Day, we thought it would be fun to calculate Pi and talk about performance differences between C# and C++. There is some math coming your way (yeah Math!), but feel free to skip to the end for a discussion on performance.

So back in the day, when things where WAY different, Pi was calculated using a mathematical series. One of the more famous ones uses the arctan math function to calculate the value of π. This is called the Leibniz formula for π and is represented by

Pictue 1

Now, this is one of the more inefficient ways to calculate π, it takes about 10 million terms to get an accuracy of 7 decimal places. For those of us asking performance differences between languages though, that is great!

We have written two programs to calculate π, one in C# and one in C++. They are both syntactically similar and use the same algorithm. We tried to get as close to an apples comparison as we could, but in comparing two different languages, we did our best, you are still comparing an apple to an orange.

So, what did we see? We calculated π to 15 decimal points, 3.141592653589793 for those of you keeping track at home. Both programs took almost 100 million iterations to converge, 99,995,330 to be exact. We ran each of the programs 10 times to get an average as shown in the following table

Run C++ C#
1 4.384 6.908
2 4.299 6.466
3 4.3375 6.805
4 4.18 6.584
5 4.523 6.516
6 4.186 6.518
7 4.164 6.492
8 4.175 6.351
9 4.274 6.56
10 4.342 6.589
Average 4.29 6.58

The calculation of π using C++ is 35% faster that it's corresponding C# code. This is to be expected. Many modern languages such as C# and Java run through a managed runtime. This brings MANY efficiencies to developers. However, the runtime tends to add overhead when it comes to performance.

The pragmatic folks reading this realize, that the benefits of a managed execution environment and modern language generally outweigh performance gains from a language like C++. There are reasons that C# and Java are used instead of C++ because developers can be more productive. Our example here, using a very slow numerical algorithm and running it for ten million iterations is a stretch for most scenarios. The 2.5 second difference for such an intensive calculation, while relatively large in our example, in the grand scheme of things is not that big of difference.

So why bring it up? It is important to think through performance more and more in today's computing environment for two reasons. The first is cost. As more and more organization move to utility based computing with hosted services, such as Amazon Web Services (AWS) and Azure, organization are paying for their compute cost. If you can realize performance gains that reduce CPU cycles that has a direct impact on the bottom line. The second reason is that mobile is taking over the world, and mobile users want more battery life, not less. Fewer CPU cycles on a smartphone or tablet will result in better battery life.

It will be very rare that most organizations would use C++ or other "closer to the metal" languages for their Line of Business (LOB) applications. The moral of the story though is for intensive processes in cloud hosted or mobile environments, you want to be razor focused on optimizing your code for performance, no matter what language you choose.

Both code examples are included, so for National Pi day, make a circle, calculate some π, eat some pie and enjoy!

C++

// LifeOfPi.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <iostream>
#include <iomanip>
using namespace std;

void pi( double *pi_value, int *iterations);  

int main ( void )  
{  

      int iterations = 0;     // number of actual loop iterations in pi 
      double pi_value = 0;    // computed value of pi 

      clock_t cBegin = (double)clock () ; 
      pi(&pi_value, &iterations);  
      printf("   %0.15f with %d iterations\n",  pi_value, iterations);  
      clock_t cEnd = (double) clock() ; 

      std::cout << float( cEnd - cBegin ) 

return 0;  

}    

void pi( double *pi_value, int *iterations)  
{  
      int i;  
      int k=1;
      double realPi = 3.141592653589793; 
      double epsilon = 0.00000001;
      double delta=10;
      *pi_value= 0;
      while (delta>epsilon) {
            *pi_value += pow(-1,(k+1))/(2*k-1);
            delta = fabs((4* *pi_value)-realPi);
            k++;
      }
      *iterations = k;
      *pi_value = 4 * *pi_value;

      return; // indicate program ended sucessfully 

} // end fucntion main 

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace LifeOfPiCSharp
{
    class Program
    {
        static void Main(string[] args)
        {
            int iterations = 0;
            double pi_value = 0;

            DateTime startTime = DateTime.Now;
            pi(out pi_value,out iterations);
            DateTime endTime = DateTime.Now;
            Console.WriteLine(pi_value.ToString() + " in " + iterations);
            TimeSpan diff = endTime.Subtract(startTime);
            Console.WriteLine(diff.Seconds + "."+diff.Milliseconds);
        }

        public static void pi(out double pi_value, out int totalIterations)
        {
            double realPi = 3.141592653589793;
            double epsilon = 0.00000001;
            double delta = 10;
            int k = 1;

            pi_value = 0;
            while (delta > epsilon)
            {
                pi_value += Math.Pow(-1, (k + 1)) / (2 * k - 1);
                delta = Math.Abs((4 * pi_value) - realPi);
                k++;
            }
            totalIterations = k;
            pi_value = 4 * pi_value;

        }
    }
} 

 

This blog post originally appeared at Skyline Technologies


 

Automatic Builds and Deploys to Azure Websites

Azure Websites are a great tool to explore pieces of the various technology stacks, especially in the Microsoft space. They include the ability to quickly spin up servers running blogging engines, CMS systems, etc. You can also create other services such as SQL back ends, Media services, Access control services, etc. At the end of the day though, what you are really getting is a shared server in the cloud, than can host all kinds of custom applications as long as you know how to get them there.

For developers, one of my favorite parts of Azure websites is the integration with cloud hosted source code repositories such as Github and Microsoft's cloud version of Team Foundation Server. You can setup your Azure hosted website so that any time you or members of development teams you are on check in code, it is automatically built and deployed to your site. Organizations that implement projects in this manner, with automatic builds, unit tests and deploys to test or production servers without ever touching the server are much more mature organizations with less bugs and more reliable code. If you are at an organization were you are NOT doing this, Azure websites and integration with TFS or Git can be a great tool in helping build a business case within the organization.

The good news is setting this up with Azure websites is trivial. Let's walk through the process.

For this post, we will automatically deploy a MVC project in Visual Studio hosted in the cloud version of TFS to an Azure website. The first step is to create a TFS account in the cloud if you have yet to do so. You can do this at https://tfs.visualstudio.com. The good news is for individuals and small companies or development shops, this is free. Microsoft allows for up to five users for TFS cloud hosted project. Teams that are bigger than that can also use TFS, but will have to migrate to a paid version down the road. As of this time (March 2013) pricing has yet to be announced.

Click the Sign up for free link after signing into TFS preview. You will then be asked to create a URL for your TFS project

Click create account and you are then take to the Project screen. From here you can either create a Team Project or a Team Project with Git support.

We will create a New Team Project

A few seconds later, a Team Project is created.

You can now connect to this TFS site from Visual Studio. To do that, go to the Team menu and select Connect to Team Foundation server

Click the Add button and type in the URL that you just created, in our example, CodeMoneky.VisualStudio.com (I realize typo, the original URL was taken...)

You will be prompted to sign in with your Microsoft account. You can then create your project and check it an as you as you normally would. Add the solution to source control

And check in your code

Now you have gone through the process of adding your code to TFS. The next step is to get the automatic build and deploy working. That is the easy part!

Log into the Azure Management console and create a new Azure website by clicking the new button in the bottom right

Choose custom create from the options

Create a URL for your site and make sure Publish from source control is checked. By default it is not

Click the source code repository of your choice, our example will be TFS.

Independent of the back end (TFS, Git), we will authorize the account. For TFS, click the Authorize Now link

It will then show a list of projects hosted in TFS, we just choose the project to deploy.

It then creates the project. We wait a few minutes, if we have not waited long enough we see a screen like this

And after we are done, the default MVC template project.

The best part, now whenever solution changes are checked in by you, or project team members, they are automatically deployed from TFS to your Azure website. This functionality is the same for other source code repositories.

As you can see, Azure websites integration with source control systems like Git and TFS make the automation of your build process sleek and simple. It is a great opportunities for small companies and startups to have best practices in place as well as the ability to quickly see code changes and updates. Check it out!


 

John Ptacek I'm John Ptacek, a software developer for Skyline Technologies. This blog is my contains my content and opinionss, which are not those of my employer.

Currently, I am reading Norse Mythology by Neil Gaiman

@jptacekGitHubLinkedInStack OverflowGoogle+