Cryptully: Simple Encrypted Chat

Back in May I started a project with the goal of allowing simple chat (instant messaging if you will) between two people, except that everything was encrypted. The original goal was not to reinvent the chat program, but rather make a chat program with a very specific purpose: quick, encrypted chat between two people. Why? There are more chat clients that anyone can count out there and a similar number of them are encrypted. The problem is that few people use encryption and setting it up is a pain. The user has to install software and configure software. This does nothing but deter the user from using any type of secure communication. I set out to create a simple chat client with the following goals:

  • All messages are encrypted.
  • Easily accessible to everyone.As in, no knowledge of crypto required.
  • Cross platform; it should run on Linux, Windows, and OS X.
  • No software to install and no user accounts to create.
  • Just bare bones chat with a minimal interface. Nothing fancy here.
  • Simple enough that the code could be inspected by anyone who is curious to verify nothing suspicious is going on.
  • Ability for users to host their own servers if desired.
  • Open source (of course).

After a few months and iterations of designs and chat clients, I’m very happy to say that I’ve accomplished all those goals. Here’s what the finished product looks like:

It’s called Cryptully and it’s a basic encrypted chat program. The only cryptography the user needs to know is how to check a public key fingerprint and that is explained as simple as possible (read these numbers, if they match, everything is fine). Further, binaries are available for download where all the user need to do is download and run. There’s no dependencies to install or accounts to create.

Cross-platform deployment of Python applications with PyInstaller

A primary goal for my Cryptully project (an encrypted chat program) was to make a desktop application accessible to as many users as possible. Nothing annoys me more than wanting to use a service or program and having to install a program that I’ll just uninstall later or having to create an account. I’m a big proponent of making the barrier to entry to using a new service as low as possible. Since the nature of my program (cryptography) did not warrant a web application, I was pushed to the desktop. The desktop isn’t exactly known for getting something up and running quickly verses just going to a website. This led me to want to accomplish the following for my project:

  • Build and run on Linux, Windows, and OS X
  • No need to install any software
  • No user registrations

With that in mind, I selected the language and libraries that would facilitate that goal. This led to:

  • Python
  • QT
  • M2Crypto
  • PyInstaller

Python for cross platform development was a natural choice as was QT. I’ve found that QT has some nuances with presentation of my application on OS X, but the fact that it worked exactly as intended on Linux, Windows, and OS X was extremely impressive. This allowed me to get my program running on all three OSs, but it wasn’t user friendly, even for a developer. Windows, for example, required the installation of Python, PyWin, PyQt, M2Crypto, and the Visual C++ Redistributable Package. Hell, it took me a few hours to get all those installed and working correctly and I wrote the program. How could I package everything into a single binary file?

In comes PyInstaller.

Contacts WebAPI for Android Example

The first project I was given at my internship at Mozilla this summer was to implement the Contacts WebAPI for Android. This means it’s possible to create, update, view, and delete the contacts on an Android device through the web on Firefox for Android.  Of course, a user has to explicitly allow a webpage access to his/her contacts before Firefox goes anywhere near the contacts.

The Mozilla wiki has some simple examples of how to use the WebAPI, but I quickly threw together a more complete example. The tarball linked below is a collection of basic HTML files that demonstrate the functions of the contacts API in a hopefully straightforward way. Not all of the possible contact fields are present for the sake of page size (and my time), but the others, as documented on the Mozilla wiki, are trivial to implement.

Why did no one tell me about \x08?

For years I would occasionally run across a program that would display a little ASCII art rotating bar to show it was working and each time I wondered how it was writing to what I assumed was standard out, but replacing previously written characters. Not sure what I’m talking about? It’s best to just show a video since I’m not sure there’s a name for it.

Part of the problem is that I didn’t know what it was called so it made searching for it quite difficult. Of course, this type of effect can be achieved with Curses, but there’s no need to bring in a big library for something that’s so simple. Well, it all comes down to \x08. That’s the C escape code for the backspace ASCII character (like hitting the backspace key on your keyboard); or if you prefer, \b will work just fine too. It does as its name implies, writes a backspace which removes the previous character from the stream it’s written to. In this case, we can use it to print out a character, wait a little bit, backspace that character, and then print another in it’s place and so on to achieve the effect above.

Here’s a little C program to do just that put into the form of a nice function that would be useful in a real program. It would probably be better to put it in its own thread while the main thread does the work (or vice versa), but you get the point from the example below.

The trials and tribulations of finding a Linux media player

I’ve been using Linux as my primary desktop OS for roughly five years now and things have come a long way since my first experiences with Fedora 10 to my current Kubuntu 13.04 setup. One of the long term things about Linux that bugged me was the lack of a decent music player. Everything I used was either half-baked and full of bugs, had a confusing interface (I’m looking at you Amarok), or lacked the functionality any media player should have.

  • 2008: iTunes running via Wine (lasted about a week)
  • 2008: Songbird (until support for Linux was dropped)
  • 2009-2010: Switching between Banshee and Rhythmbox when I got tired of dealing with the other’s little quirks
  • 2011-2012: Clementine
  • 2013: MPD with Cantata as the primary front-end

When I first switched from the Windows world, I tried to keep using iTunes with Wine since it was convenient to sync my then iPod video with, but most importantly because only iTunes could play the encrypted, DRM-protected music I had bought from the iTunes store. Thankfully the dark days of encrypted music are gone, but that was after I took on the task of stripping the DRM from all my music so I could use it with a native Linux client.

At the time, the closest software to iTunes for Linux was the Songbird project. Songbird had a very similar UI and had support for addons which made it, in my opinion, better than iTunes. However, this was around the time that the Songbird people decided to drop support for Linux in order to focus on Windows and OS X. Time for me to find a new music player.

For two years I switched back and forth between Banshee and Rhytmbox every few months or so hoping that one would have dramatically improved in that time so I could finally settle on a music player. This never happened. Rather, in 2011, I found Clementine, a fork of Amarok, but with a UI that made sense! Clementine had a few things that didn’t make sense to me, like having to explicitly save a playlist after adding a song to it (it can’t at least have the option to autosave?), but I did like the developer’s sense of humor by adding a Nyan cat music visualizer and a hypnotoad sound.