Electricmonk

Ferry Boender

Programmer, DevOpper, Open Source enthusiast.

Blog

Security Questions considered harmful

Monday, May 24th, 2010

Many online services allow, or even worse, require, the so-called “Security Question”. It is a question/answer pair you can enter in case you ever forget your password or can’t access your account for some reason. In my opinion, security questions are an incredibly bad idea, from a security perspective.

The usual security questions are things like “What was your mother’s maiden name?”, “What’s your pet’s name?”, etcetera. People don’t understand that supplying a truthful answer to these kinds of questions exposes them to a serious weakness in their account’s security. These are all questions to which the answer can be found relatively easily by googling a person or applying a little social engineering. “Hey, I am John, and I think I might be related to you on your mother’s side. What’s her maiden name?”

The worst part is that every site has basically the same questions from which you can choose. This means that people either have to pick the same question and answer every time, or pick a different one for each account. The first will make them vulnerable to repeated attacks on all their online profiles once an attacker has found the answer. The second will make it very hard for people to remember that they must never let anybody know about their favorite pet’s name “Buddy”. A lose/lose scenario at best.

As is often the case with security protocols, they must be followed to the letter to be safe. One flaw in the procedure, and the security collapses. Security questions could be a good idea, provided that:

  • The user makes up his own question. No predefined questions should be supplied, and most importantly, different sites shouldn’t all use the same questions.
  • The user should never be told what his security question was. If they need to reset their password, they should supply both the security question and the answer. This will make it much harder for a potential attacker to gain access.
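What a reset flow built on those two rules looks like in code, as an added example (not code from this blog): the service stores only a salt and a slow hash of the normalised question and answer together, so it cannot display the question to anyone, and a reset succeeds only if the user reproduces both. Function names and the storage dict are assumptions for the illustration; the PBKDF2 round count is kept modest for a demo and should be higher (or a memory-hard KDF) in production.

```python
import hashlib
import hmac
import os
import unicodedata

# Rounds kept modest for the demo (assumption); raise it for real deployments.
PBKDF2_ROUNDS = 100_000


def _normalise(text: str) -> str:
    """Fold case, Unicode form and surrounding whitespace so that a user who
    enrolled 'Buddy ' and later types 'buddy' still matches."""
    return unicodedata.normalize("NFKC", text).strip().casefold()


def _derive(question: str, answer: str, salt: bytes) -> bytes:
    """Hash question and answer as one unit.  Length-prefixing both parts keeps
    ('ab', 'c') and ('a', 'bc') from producing the same input bytes."""
    q = _normalise(question).encode("utf-8")
    a = _normalise(answer).encode("utf-8")
    material = len(q).to_bytes(4, "big") + q + len(a).to_bytes(4, "big") + a
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS)


def enrol(question: str, answer: str) -> dict:
    """Called when the user sets up recovery with a question of their own.
    Returns the record to persist: note that the question text is NOT in it,
    so the service has nothing to show back during a reset."""
    if not question.strip() or not answer.strip():
        raise ValueError("question and answer must both be non-empty")
    salt = os.urandom(16)
    return {"salt": salt, "digest": _derive(question, answer, salt)}


def verify_reset(record: dict, question: str, answer: str) -> bool:
    """Reset path: the user must reproduce *both* question and answer.
    Constant-time comparison so response timing leaks nothing about the guess."""
    candidate = _derive(question, answer, record["salt"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    rec = enrol("Name of the street where I broke my arm", "Elm Street")
    print(verify_reset(rec, "name of the street where i broke my arm", "elm street"))
    print(verify_reset(rec, "What is your pet's name?", "Elm Street"))
```

Because the stored record never contains the question, a database dump hands an attacker only a salted, slow hash; a predefined question such as “What is your pet's name?” combined with the right answer still fails, which is the point of letting the user choose both halves.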

Of course, taking the above in consideration, security questions are just as hard to remember as a password, which makes them kind of pointless. Pointless or insecure, make your pick.

I’m ditching Chrome because of the http:// stripping.

Friday, April 16th, 2010

New development builds, and apparently the Beta build of Chrome for the Mac, strip the ‘http://’ part from the URL input field. Since I run Chromium for Linux, which uses nightly builds of Chrome, I am already affected by this retarded decision.

For this reason I will no longer be using Chrome, nor will I recommend Chrome to anybody anymore. In fact, I will actively recommend using any browser other than Chrome, including Internet Explorer 6.

I could explain why such a ‘trivial’ change upsets me so much that I’d stop using an otherwise… promising… product, but life is too short to argue with stupid people, so I’ll just leave it at that.

SQuirreL SQL database browser

Friday, March 19th, 2010

I finally found a decent replacement for the MySQLcc database browser:

SQuirreL SQL

SQuirreL SQL Client is a graphical Java program that will allow you to view the structure of a JDBC compliant database, browse the data in tables, issue SQL commands etc

It’s Java, so it’s slow, but it does everything I want, and more:

  1. Syntax highlighting
  2. Multiple query tabs
  3. Multiple queries in the same tab (select the query and press ctrl-enter to run it)
  4. Export results

It has tons of options you can tweak, and it’s got plugins if you want to extend it. It supports just about every relational (and some non-relational) database out there.

Awesome.

Weighted Random Distribution

Wednesday, December 23rd, 2009

Preface

Randomly selecting elements from a set of items is easy. Just generate a random number between 0 and the length of the set minus one, and use that as an index in the set (if it is an array) to get a random entry. The chance that an entry is picked is the same for each entry in the set. This is called even distribution or uniform distribution.

But what if we do not want each entry to appear as often as every other? Suppose we’re creating a question-answer game, and we want the questions the user got wrong previously to appear more often than the questions he or she got right. This is called a Weighted Random Distribution, or sometimes Weighted Random Choice, and there are multiple methods of implementing such a random picker.

This article explains these various methods of implementing Weighted Random Distribution along with their pros and cons. We use Python as our language of choice, because it has an easy to read syntax, and provides many useful tools which would take many more lines of code in most other languages. Along the way all Python “tricks” will be explained.
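One of the standard methods, the cumulative-weight table with a binary search, as an added Python example that is not taken from the article itself (function names are mine): each item owns a slot of the number line proportional to its weight, a uniform draw lands in one slot, and `bisect` finds which.

```python
import bisect
import itertools
import random
from collections import Counter


def cumulative(weights):
    """[1, 3, 6] -> [1, 4, 10]: running totals, one per item."""
    if not weights or any(w < 0 for w in weights):
        raise ValueError("weights must be non-empty and non-negative")
    totals = list(itertools.accumulate(weights))
    if totals[-1] <= 0:
        raise ValueError("at least one weight must be positive")
    return totals


def pick_index(totals, r):
    """Map a uniform r in [0, total) to the index whose slot contains r.
    bisect_right returns the first running total strictly greater than r,
    so an item with weight 0 (an empty slot) can never be selected."""
    return bisect.bisect_right(totals, r)


def weighted_choice(items, weights, rng=random):
    """Draw one item with probability weight/sum(weights).
    `random` is fine for a game; for anything security-sensitive (tokens,
    lotteries) pass secrets.SystemRandom() instead."""
    totals = cumulative(weights)
    r = rng.random() * totals[-1]
    return items[pick_index(totals, r)]


def question_weights(wrong_counts):
    """Game rule from the post: a question asked wrongly more often gets a
    bigger slot.  Every question keeps weight >= 1 so none disappears."""
    return [1 + wrong for wrong in wrong_counts]


def sample_counts(items, weights, n, seed=0):
    """Seeded sampling so a run is reproducible when checking the ratios."""
    rng = random.Random(seed)
    return Counter(weighted_choice(items, weights, rng) for _ in range(n))


if __name__ == "__main__":
    questions = ["capital of France", "capital of Peru", "capital of Chad"]
    wrong = [0, 2, 5]  # constructed history of wrong answers per question
    print(sample_counts(questions, question_weights(wrong), 10_000))
```

Building the totals once and bisecting per draw costs O(n) setup and O(log n) per pick, which is what separates it from the naive "walk the list subtracting weights" loop that the article compares it against.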


Excluding results of a ‘find’ command (inverting tests)

Tuesday, November 10th, 2009

In kind of a follow up to my previous post on using find and sed to search and replace multiple files, I found out something else.

I needed to find and replace something in every file, except for any files which had “.svn” in them. After struggling for a few fruitless minutes with -regex, I stumbled upon this example in the manual page:

find /sbin /usr/sbin -executable \! -readable -print

   Search for files which are executable but not readable.

The \! allows us to invert the tests after it. Perfect! All we need to do is use -regex to do our excluding:

find . -type f \! -regex ".*\.svn.*"

And we can now search and replace in all files except those that have “.svn” in them:

find . -type f \! -regex ".*\.svn.*" -print0 | xargs -0 sed -i "s/foo/bar/"

Neat. Note that, again, -regex is a GNU find only construct.

Templum v0.4.0 released (Simple PHP templating)

Tuesday, November 10th, 2009

I’ve released Templum v0.4.0

Templum is an extremely lightweight, simple yet powerful and fast templating engine for PHP. It re-uses the power of PHP itself for rendering templates, but provides additional features making it easier to write templating code. Rendering templates using Templum is very fast; it approximates native PHP rendering speed for include() statements.

This release features:

  • Some small bug fixes
  • Documentation updates
  • The ability to include other templates in a template

Download instructions here.

Linux search and replace

Monday, November 9th, 2009

I always kept a small Python script around for searching and replacing in Linux. Turns out that GNU sed has an inline edit mode which I didn’t know about:

       -i[SUFFIX], --in-place[=SUFFIX]

              edit files in place (makes backup if extension supplied)

This makes searching and replacing in files as simple as:

find . -name "*.txt" -print0 | xargs -0 sed -i "s/foo/bar/"

This replaces all occurrences of “foo” with “bar” in all the .txt files in or below the current directory.

Unfortunately, -i appears to be a GNU extension, so it won’t work on *BSD or Solaris, probably.
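For readers who want to see exactly what the two pipelines above (the `find ... \! -regex` exclusion from the earlier post and the `find | xargs sed -i` replace from this one) select and change, here is an added Python stand-in that reproduces their semantics on a constructed directory tree. It is not the blog's code and not a replacement for the one-liners; names are mine. Two details it makes visible: GNU find's `-regex` must match the whole path as printed by find (hence the `.*` on both sides of `\.svn`), and `s/foo/bar/` without a trailing `g` rewrites only the first match on each line.

```python
import os
import re
import shutil
import tempfile


def find_files(root, exclude_regex=None):
    """Mimic `find ROOT -type f \\! -regex PATTERN`: walk every regular file
    and drop those whose *whole path* matches PATTERN (the `\\!` inverts)."""
    pattern = re.compile(exclude_regex) if exclude_regex else None
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if pattern is not None and pattern.fullmatch(path):
                continue
            yield path


def replace_in_files(paths, pattern, replacement, backup_suffix=None):
    """Mimic `sed -i[SUFFIX] "s/PATTERN/REPLACEMENT/"`: first match per line,
    rewrite the file in place, keep a backup copy only if a suffix is given."""
    changed = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            lines = fh.readlines()
        new_lines = [re.sub(pattern, replacement, line, count=1) for line in lines]
        if new_lines != lines:
            if backup_suffix:
                shutil.copy2(path, path + backup_suffix)
            with open(path, "w", encoding="utf-8") as fh:
                fh.writelines(new_lines)
            changed.append(path)
    return changed


def demo():
    """Constructed tree: two working-copy files plus a .svn text-base copy that
    must survive untouched.  Returns (changed relative paths, file contents)."""
    root = tempfile.mkdtemp(prefix="findsed-")
    os.makedirs(os.path.join(root, "src", ".svn"))
    files = {
        "src/a.txt": "foo foo\n",
        "src/b.txt": "no match here\n",
        "src/.svn/a.txt.svn-base": "foo foo\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    targets = list(find_files(root, r".*\.svn.*"))
    changed = replace_in_files(targets, "foo", "bar")
    result = {}
    for rel in files:
        with open(os.path.join(root, rel), encoding="utf-8") as fh:
            result[rel] = fh.read()
    shutil.rmtree(root)
    return sorted(os.path.relpath(p, root) for p in changed), result


if __name__ == "__main__":
    print(demo())
```

The `backup_suffix` parameter mirrors `sed -i.bak`: keeping a copy before a bulk rewrite is cheap insurance against a pattern that matches more than you meant it to.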

Handling network mounts on a very mobile laptop?

Friday, November 6th, 2009

I have a laptop that travels with me to work as well as being used at home. I have a number of network CIFS mounts that I like to have available when I am at home, so I have them set to “auto” in /etc/fstab. […] The problem is that when I shift locations, I need proper handling of those network mounts.

Handling network mounts on a very mobile laptop.

Debian: MAC address changes: interface changes

Thursday, October 8th, 2009

Since Debian 4.0 or some such, when your MAC address changes, your interface name changes too. So if you spoof the MAC address of your nic, or you clone a Debian 5.0 VirtualBox guest and assign it a new, different random MAC address, or if your nic broke down and you replaced it, the new nic will be assigned to eth1 instead of eth0 (if you previously only had one network card in your machine, that is). Chances are your statically defined network settings (in /etc/network/interfaces) will not work anymore, because they refer to eth0, and not to eth1.

The reason behind this appears to be udev. It keeps a list of MAC addresses and which interfaces they were assigned to, and when it sees a new MAC, it assumes that is a new network card, and so assigns it a new ethX interface. This is both a good thing, as it will keep your system from rearranging all the nics if you add one or one dies, and a bad thing, as your network will not come up anymore if you’ve replaced the previous nic.

To fix this, log in at the console as root and find a file named something like persistent-net.rules in /etc/udev/rules.d/ (the file name may carry a prefix). Remove all the lines in that file below the “You can modify it...” line.

When done, reboot. (I haven’t yet found out how to regenerate the file. Running the executable the file mentions doesn’t work for me).
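To make the mechanism and the fix concrete, here is an added Python example (not from this post) that reads a persistent-net.rules style file, lists which MAC is pinned to which name, works out which name a not-yet-listed MAC would receive, and produces the trimmed file the post describes. The sample file content is constructed; its header comment follows the layout of the generator-written file, which is an assumption, and the MAC addresses are made up.

```python
import re

# Constructed sample of a udev persistent-net.rules file (not a real system's).
SAMPLE_RULES = """\
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:aa:bb:cc", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:dd:ee:ff", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
"""

MARKER = "You can modify it"
RULE_RE = re.compile(r'ATTR\{address\}=="([0-9a-f:]{17})".*NAME="([^"]+)"', re.I)


def bindings(text):
    """MAC -> interface name for every rule line: the list udev keeps."""
    found = {}
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def name_for(text, mac, prefix="eth"):
    """Which name a NIC with this MAC gets: its pinned name if listed,
    otherwise the lowest unused ethN (the eth1-instead-of-eth0 surprise)."""
    bound = bindings(text)
    mac = mac.lower()
    if mac in bound:
        return bound[mac]
    used = {
        int(n[len(prefix):])
        for n in bound.values()
        if n.startswith(prefix) and n[len(prefix):].isdigit()
    }
    i = 0
    while i in used:
        i += 1
    return f"{prefix}{i}"


def strip_below_marker(text, marker=MARKER):
    """The fix from the post: keep everything up to and including the
    'You can modify it' line and drop every pinned rule below it, so udev
    starts numbering from scratch on the next boot."""
    kept = []
    for line in text.splitlines(keepends=True):
        kept.append(line)
        if marker in line:
            break
    return "".join(kept)


if __name__ == "__main__":
    print(bindings(SAMPLE_RULES))
    print(name_for(SAMPLE_RULES, "08:00:27:12:34:56"))  # a replacement card
    print(strip_below_marker(SAMPLE_RULES))
```

Run `bindings()` against the real file before editing it: seeing the stale MAC pinned to eth0 is the quickest confirmation that this, and not /etc/network/interfaces, is why the network did not come up.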

ArchFS

Thursday, October 1st, 2009

ArchFS is a FUSE (user-space, so it does not require a special kernel module, other than the FUSE kernel module) file system on top of rdiff-backup (an incremental backup tool). It allows you to mount a rdiff-backup repository and then provides an easy way to maneuver through the various revisions in that repository.

The text of all posts on this blog, unless specifically mentioned otherwise, is licensed under this license.