Twitter RNG Is Powered By Memes

January 25, 2018 by 8 Comments

Twitter is kind of a crazy place. World leaders doing verbal battle, hashtags that rise and fall along with the social climate, and a never ending barrage of cat pictures all make for a tumultuous stream of consciousness that runs 24/7. What exactly we’re supposed to do with this information is still up to debate, as Twitter has yet to turn it into a profitable service after over a decade of operation. Still, it’s a grand experiment that offers a rare glimpse into the human hive-mind for anyone brave enough to dive in.

One such explorer is a security researcher who goes by the handle [x0rz]. He’s recently unveiled an experimental new piece of software that grabs Tweets and uses them as a “noise” to mix in with the Linux urandom entropy pool. The end result is a relatively unpredictable and difficult to influence source of random data. While he cautions his software is merely a proof of concept and not meant for high security applications, it’s certainly an interesting approach to introducing humanity-derived chaos into the normally orderly world of your computer’s operating system.

Noise sampling before and after being merged with urandom

This hack is made possible by the fact that Twitter offers a “sample” function in their API, which effectively throws a randomized collection of Tweets at anyone who requests it. There are some caveats here, such as the fact that if multiple clients request a sample at the same time they will both receive the same Tweets. It’s also worth mentioning that some characters are unusually likely to make an appearance due to the nature of Twitter (emoticons, octothorps pound signs, etc), but generally speaking it’s not a terrible way to get some chaotic data on demand.

On its own, [x0rz] found this data to be a good but not great source of entropy. After pulling a 500KB sample, he found it had an entropy of 6.5519 bits per byte (random would be 8). While the Tweets weren’t great on their own, combining the data with the kernel’s entropy pool at /dev/urandom provided something that looked a lot less predictable.

The greatest weakness of using Twitter as a source of entropy is, of course, the nature of Twitter itself. A sufficiently popular hashtag on the rise might be just enough to sink your entropy. It’s even possible (though admittedly unlikely) that enough Twitter spam bots could ruin the sample. But if you’re at the point where you think hinging your entropy pool on a digital fire hose of memes and cat pictures is sufficient, you’re probably not securing any national secrets anyway.

(Editor’s note: The way the Linux entropy pool mixes it together, additional sources can only help, assuming they can’t see the current state of your entropy pool, which Twitter cats most certainly can’t. See article below. Also, this is hilarious.)

We’ve covered some fantastic examples of true random number generators here at Hackaday, and if you’re looking for a good primer for the Kingdom of the Chaotic, check out the piece by our own [Elliot Williams].

Number Twitters

May 9, 2017 by 47 Comments

Grab a shortwave radio, go up on your roof at night, turn on the radio, and if the ionosphere is just right, you’ll be able to tune into some very, very strange radio stations. Some of these stations are just a voice — usually a woman’s voice — simply counting. Some are Morse code. All of them are completely unintelligible unless you have a secret code book. These are number stations, or radio stations nobody knows much about, but everyone agrees they’re used to pass messages from intelligence agencies to spies in the field.

A few years ago, we took a look at number stations, their history, and the efforts of people who document and record these mysterious messages used for unknown purposes. These number stations exist for a particular reason: if you’re a spy, you would much rather get caught with an ordinary radio instead of a fancy encryption machine. Passing code through intermediaries or dead drops presents a liability. The solution to both these problems lies in broadcasting messages in code, allowing anyone to receive them. Only the spy who holds a code book — or in the case of the Cuban Five, software designed to decrypt messages from number stations — can decipher the code.

Number stations are a hack, of sorts, of the entire concept of broadcasting. For all but a few, these number stations broadcast complete gibberish. Only to the person holding the code book or the decryption software do these number stations mean anything. However, since the first number stations went on the air over one hundred years ago, broadcasting has changed dramatically. We now have the Internet, and although most web services cannot be considered a one-to-many distribution as how broadcasting is defined, Twitter can. Are there number stations on Twitter? There sure are. Are they used by spies or agents of governments around the world? That’s a little harder to say.

Continue reading “Number Twitters”

How To Find A Twitter Account

April 4, 2017 by 35 Comments

[Ashley Feinberg] is not one to say no to a challenge. When James Comey (the current Director of the Federal Bureau of Investigation for the United States of America) let slip that he has a secret Twitter and Instagram account, [Ashley] knew what she had to do.

At the beginning, [Ashley] knew only a few things: (1) Comey had recently joined twitter and (2) he only allows his “immediate relatives and one daughter’s serious boyfriend” to follow him. As such, [Ashely] deduced that “if we can find the Instagram accounts belonging to James Comey’s family, we can also find James Comey.”

To start, [Ashley] found the Instagram account of Comey’s 22-year-old son, a basketball star at Kenyon College. Not phased by Brien’s locked down Instagram account, [Ashley] requested access to Brien’s account in order to access the “Suggested for You” selections that are algorithmically generated from Brien Comey’s account. Sifting through the provided accounts [Ashley] found one that fit Comey’s profile: locked down with few friends. That account was named reinholdniebuhr. Not sure it was, in fact, James Comey, [Ashley] found Comey’s senior thesis on theologian Reinhold Niebuhr and televangelist Jerry Falwell as verification.

With Comey’s Instagram found, [Ashley] moved back to Twitter (something y’all can’t seem to get enough of). With only seven accounts on Twitter using some variation of “Reinhold Niebuhr” as a user name, [Ashley] was quickly able to narrow it down to one account (@projectexile7) via profiling, sealing the deal on an awesome hack filled quest. Can’t get enough of social media? Don’t worry, you never have to be disconnected.

Critter Twitter Trap Traps Critters, Pings Twitter

March 21, 2016 by 8 Comments

Got aliens in your attic? Squirrels in the skirting board? You need a trap, and [John Mangan] has come up with an interesting way to let you know that you have caught that pesky varmint: the IoT Critter Twitter Trap. By adding a ball switch, Electric Imp and a couple of batteries to a trap, he was able to set the trap to notify him when it caught something over Twitter. To do this, he programmed the Electric Imp to send a message over when a varmint trods on the panel inside the trap, slamming its door shut. The whole thing cost him less than $60 and can be seen in action after the break.

This is a pretty neat hack. I used to help with a Feral Fix program, where feral cats would be trapped, neutered and returned to the wild. This involved baiting the trap, then waiting hours in the cold nearby for the ferals to get comfortable enough to climb inside and trigger the trap. [John’s] version would only work indoors (as it uses WiFi), but it wouldn’t be that difficult to add a cell phone dongle or other RF solution to extend the range. With this hack, I could have at least waited somewhere warmer, while the trap would ping me when it was triggered.

Continue reading “Critter Twitter Trap Traps Critters, Pings Twitter”

Break Your Wrist? Twitter-Enable That Plaster Cast

December 31, 2015 by 1 Comment

Plaster casts are blank canvases for friends and family to post their get well messages. But if it’s holiday season, adding blinky LED lights to them is called for. When [Dr Lucy Rogers] hurt her hand, she put a twitter enabled LED Christmas tree on her cast.

The hardware is plain simple – some RGB LEDs, an Arduino, a blue tooth module and a battery. The LEDs and wires formed the tree, and all the parts were attached to the plaster cast using Velcro. This allowed the electronics to be removed during future X-ray scans. The fun part was in connecting the LEDs to the #CheerLights project. CheerLights is an “Internet of Things” project that allows people’s lights all across the world to synchronize to one color set by a Tweet. To program the Arduino, she used code written by [James Macfarlane] which allowed the LED color to be set to any Cheerlights color seen in blue tooth UART data.

Connectivity is coordinated using MQTT — lightweight standard popular with connected devices. By connecting the MQTT feed to the cheerlights topic from [Andy Stanford-Clark’s] MQTT feed (mqtt://iot.eclipse.org with the topic cheerlights) the lights respond to tweets (Tweet #cheerlights and a color). The LED colors can also be selected via the phone from the color picker tool in the controller, or directly via the UART. If the Bluetooth connection is lost, the LEDs change colors randomly. Obviously, delegates had great fun when she brought her Twitter enabled LED blinky lights plaster cast arm to a conference. It’s not as fun unless you share your accomplishments with others!

Hackaday Prize Entry: Twitter Goes To The Dogs With Raspberry Pi Hack

August 21, 2015 by 7 Comments

Dogs are remarkable creatures. Anybody who has lived with one will know that they are very vocal beasts, with barks that range from noting the presence of a squirrel in the yard to the warning whine that says “I am about to pee on your shoes if you don’t take me outside.” [Henry Conklin] decided to computerize the analysis of these noises, putting his dog [Oliver Twitch] on Twitter so he could hear what he was saying while he was at work. [Henry] that is: [Oliver] stays at home.

He did this using a Raspberry Pi, which is set to record sound above a certain volume. With the system sitting by [Oliver’s] favorite window, this records his barks. The recordings are then analyzed using PyAudioAnalysis, a library that analyzes sounds, compares them to reference ones and classifies them.  The Raspberry Pi then posts the results onto twitter using Python-twitter.

The setup used by [Oliver] to capture the barks: a USB microphone, Raspberry Pi and WiFi USB dongle.
The setup used by [Oliver] to capture the barks: a USB microphone, Raspberry Pi and WiFi USB dongle.
Or rather, it will when [Henry] fixes a few bugs: right now it just posts a random string that is based on the length of the bark, not the type. [Henry] says he is working on the dog translation at the moment. It’s still a neat project that shows you how simple it is to use a few small bits of code to gather info from your environment and share these over the Internet. [Henry] also says that the next step is creating a weekly podcast for [Oliver]. I, for one, will be subscribing to hear his thoughts on how annoying the postman is, and how vexing it is to see a squirrel and not be able to chase them.

The 2015 Hackaday Prize is sponsored by:

TwitterPrinter Keeps Track Of 2015 Hack-A-Day Prize

March 11, 2015 by 4 Comments

[Mastro Gippo] is getting to be somewhat of a Hackaday legend. He didn’t win the 2014 Hackaday prize but was in attendance at the event in Munich, and to make sure he keeps up with this year’s Prize, he built this old-school printer that prints all of the updates from the Hackaday Prize Twitter account.

The device uses the now-famous ESP8266 module for connecting the printer to the Internet. It doesn’t scrape data straight from Twitter though, it looks at [Mastro Gippo]’s own server to avoid getting inundated with too many tweets at once. The program splits the tweets into a format that is suitable for the printer (plain text) and then the printer can parse the data onto the paper. The rest of the design incorporates a 3.3V regulator for power and some transistors to turn the printer on and off. Be sure to check out the video of the device in action after the break!

[Mastro Gippo] notes that this eliminates the need to have a smartphone in order to keep up with the 2015 Hackaday Prize, which is ironic because his entry into the Trinket Everyday Carry Contest was a smarter-than-average phone. We’ll be expecting something that doesn’t waste quite as much paper for his official contest entry, though!

Continue reading “TwitterPrinter Keeps Track Of 2015 Hack-A-Day Prize”