Steganography API at your service.

Categories Open Technologies, Privacy, Security
API

Steganography is the art and science of embedding secret messages in a cover message so that no one, apart from the sender and intended recipient, suspects the existence of the message. 

The most common example is to hide a message in an image file without compromising how the image looks. The majority of the people are using the photos to share a fantastic moment or two and don’t know that they can contain a secret message.

What could be the use-case?

Someone can hack your phone and embed your text messages in the pictures you take and share in, say, Instagram. 

A not so happy employee can post a picture on your blog with a secret message embedded in it to share some trade secrets with your competitors. 

Another person can embed an exploit in a PNG ads image; JavaScript code would parse the PNG image, extract the malicious code, and redirect the user to the exploit kit landing page.

Steganography also is a well know method for exchanging information between spies. 

Even if it sounds like science fiction, this is a very viable threat against your systems and you.

Steganography Protector API

I have created a small API (as a Proof of concept) that could discover a secret message hidden in any image file.  

The end-point is here:

https://sapigate.herokuapp.com/steg

It accepts POST requests only. 

The input should be JSON encoded, and it should consist of a binary stream of your image.

Here is a Python example.

import requests
url = 'https://sapigate.herokuapp.com/steg' 
my_img = {'image': open('secret.png', 'rb')}
r = requests.post(url, files=my_img) 
print(r.json())  

The result of the command can be:

{'message': 'Secret Message', 'status': 'sucess'}

I am planning to extend the API by adding more use-cases and documentation, but if you are free to start using it right away.

If you have any questions about it or it seems down, contact me via Twitter – @bogomep

A practical use

You could read all of your images from your blog and via the API to check whether they contain a secret message or not or to check for hidden traces of your last Instagram image.

If you are looking for a picture with a secret message inside – why don’t you test this one:

HacktoberFest – done; Why care?

Categories Community Management, Open Technologies, Technologies

I still remember the good ol’ times where I almost convince an entire company to allow their > 500 employees to contribute to an opensource or a free software project at least 1 hour a month.

The journey was hard. I prepared a strategy and facilitated the discussion, and spend numerous hours taking to smart legal people to create a framework for that.

Also kind of convinced everyone that this is a good thing and created a list of projects to contribute to, separated in categories – for developers, for testers, for marketing and sales, for the other experts we had.

I also finally convinced the company that that one hour will be donated (because the company owns all you do during working hours).

Well, nothing happens with that Initiative after I left. I still see some ideas mentioned on their blog, but it seems it’s not supported anymore.

Maybe you lost my train of thoughts and to be honest I am in the same situation as well. Haha!

I just wanted to brag about that I finished my #hacktober challenge this year and their goals it seems to be the same as mine while trying to convince the company – teach everyone why sharing is caring and why contributing to the Open knowledge is the best you can do.

You don’t have to be a developer or a byte guru to do so; Everyone can do that, and it makes you proud, and it makes you feel happy.

Credits: Photo by OneRas. Licensed under Creative Commons license

How to engage us, developers to use your API.

Categories Community Management, Growth Hacking, Marketing, Mashup, Mozilla, Open Technologies

There are tens of thousands of API’s available. More to come. Most of the companies though, have troubles engaging developers to use them. So I have decided to share a few thoughts and ideas on how you can do that, based on my experience.

Design your API well

Nobody likes powerful, but not developer-friendly APIs. Follow the “standards” in the area, but innovate a bit to make us (developers) happy and eager to learn more. I will not spend more time here, because I guess you are already building your API if you need the information below. If you are looking for more info on that subject, click here to read an excellent article.

Document your API

If you want other people to use it – document it well. Add examples for the most popular programming languages. Copy/ Paste/ Run is the first step to a great journey.

Do not forget the not-so-trending programming languages at the moment. Target people who explore them – they are the right group to start with.

Eat your own dog-food

Ask your internal developers to use the API. Get the feedback from them and make it better. I am not talking about the developers who wrote the API, they must use it of course. Try to engage other teams within the company (if you have any) to use the API.

Organize an internal Friday APIJam. Sit together in a room for a few hours and do something useful using the technologies you work with – don’t push them to learn new language or technique – just use the API focusing on the value.

Come up with nice awards for the most active participants, get some sweets and drinks (even beer) as well. Then ask the participants to present their work at the end and listen to their feedback.

 

Hack your API

Organize hackatons with external groups or jump into such organized by someone else – ask developers to hack the API and to create a small app that will serve theirs needs – then promote the effort and make those developers rockstars by using your PR channels.

The goal is not to test your API (as you do during the internal APIJam event), but to show the value that your API brings to the world. The Call for Action should be something like “use our API to build your own App”.

Create more initiatives like that. Repeat();

Connect

Get in touch with the local developer groups and go the their next meeting with some pizza and beer. Show them your data, ask for their feedback, show them your API, don’t be afraid to ask for help.

Then create a fair process to work with communities around you – what you want from them and what’s in for them.

Discuss

Push the discussion around your API and manage it. Respond to comments immediately, ask for feedback and show how it is implemented. Post your API to reddit, Dzone and other similar sites and get real, honest feedback (together with some trolls, that’s inevitable)

Equilibrium

Treat your community members equally. Sometimes a new member can have a kick-butt idea and if you ignore him/her this can have negative impact overall. Focus on the value!

Partner up

Find partners to help you to get traction. Why don’t you contact your local startup accelerators and do something together to include your awesome API as an requirement for the next call? Does it work? Oh yeah!

Explore

Constantly explore new ways and hacks on how to engage the community, but remember – this must be a fair deal – every part should be happy and equally satisfied. This is your way towards an engaged community.

The best API ever?

No, it’s not yours. Is this one :)

 

What do you think?

Do you have a different experience? Please share!

 

More resources?

P.S The head image is under CC license by giorgiop5

 

Voice navigation – bringing your app to the next level?

Categories Open Technologies, Startups, Technologies, UX

This morning I was surprised by Google Drive. They offered me to use voice for some basic commands, instead of selecting them or using a shortcut (in my case).

A few months ago I created an experiment by combining the shiny SoHo Interface with a few good working opensource javascript implementations for voice and gesture to control the interface.

I knew that some companies were experimenting with it but maybe because I was too busy with other projects and day-to-day routines I hadn’t realized that the time for it has come. 

I am sure that the experiment by Google (seems useless from user point of view) will evolve into something more usable and can save a lot of time to the end-user.

 

Pros:

  • It’s fun – you can shout commands to your website and it will respond with an action.
  • Sometimes you can do something useful – like control your HTML5  game or even login to your favorite website.
  • Brings apps to people that can’t write (yet), but can talk – this is something huge.
  • Widens the horizon of the developers and companies – think about one more usability and User Experience layer
  • It is super exciting and it evolves well.

 

Cons:

  • There are some technological ones, but I don’t want to be a hater this time :) Yay!
  • The other one is what happens with all of the data collected by the mic? Some of the devices are known for listening all the time for the our precious voice. Should we start ripping batteries off from our laptops and tablets like we do for our mobile phones?

 

How to get started?

See my demo here – there is a video  for voice and gesture controlled UI. This is how a modern app should look like – you can use your voice, but also to listen to the voice answer sent back to you and if you feel like moving things around – use your webcam to do it..

 

More links:

 

  • I am using Annyang for the voice commands 
  • Gest.JS for the gestures
  • and this JS library to interact with the GoogleTTs engine 

What is the future?

Bright – pretty soon we’ll be seeing more and more startups combining the Voice with the millions of the APIs that exists to build even interfaceless applications that will work well at the beginning and then will replace most of those apps we use these days.

 

What do you think?