Domain: kuliukas.com
Stories and comments across the archive that link to kuliukas.com.
Comments · 19
-
Re:I don't understand the obsession with canvas
I guess because it's so easy to get started with, and there is stuff you can't do with SVG that you can with Canvas (like Mario, or this)
-
Re:using game of life?
What about using a cellular automaton?
A silly idea I just had yesterday.
Take a graphical representation of the password, then "hash" it by running 100 generations of life through. Store the result as the hash.
The salt would be an additional life colony so that after 100 generations you're not going to end up with a dead colony. Oh, I can't patent the idea, I'm not the first one thinking of that. http://kestas.kuliukas.com/GameOfLife/
GoL isn't as good of a hash compared to a more traditional hash. First thing that comes to mind is some hashes can spread a single bit change faster than GoL's "speed of light" limitation. The "c" limit in GoL is that a glider etc cannot move faster than a cell per generation in any direction, but I think there are hashes where a single bit change can spread across the hash faster than one adjacent bit per complete hash function. One generation of MD5 beats 50 generations of GoL on a 100x100 board in terms of smearing that single bit across the result.
Also you can get into huge arguments but generally running a hash multiple times doesn't spread the bits much better than running it once.
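The reply's "speed of light" point can be checked directly. The following is an added example written for this page in PHP; it is not code from either commenter or from the linked Game of Life page. It runs Conway's Life on a small toroidal grid, flips one cell of a constructed starting grid, and measures how far the difference has travelled after a fixed number of generations; beside that, it flips one bit of a constructed 16-byte message and counts how many MD5 output bits change. Grid size, seed and message are constructed values.

```php
<?php
// Added example for this page (not code from either commenter or from the
// linked Game of Life page): compare how far a single changed cell spreads
// after N generations of Conway's Life with how many MD5 output bits change
// when one input bit is flipped. Grid size, seed and message are constructed.

/** One generation of Life on an n×n toroidal grid of 0/1 ints. */
function lifeStep(array $grid): array
{
    $n = count($grid);
    $next = [];
    for ($y = 0; $y < $n; $y++) {
        for ($x = 0; $x < $n; $x++) {
            $alive = 0;
            for ($dy = -1; $dy <= 1; $dy++) {
                for ($dx = -1; $dx <= 1; $dx++) {
                    if ($dy !== 0 || $dx !== 0) {
                        $alive += $grid[($y + $dy + $n) % $n][($x + $dx + $n) % $n];
                    }
                }
            }
            // birth on exactly 3 live neighbours, survival on 2 or 3
            $next[$y][$x] = ($alive === 3 || ($alive === 2 && $grid[$y][$x] === 1)) ? 1 : 0;
        }
    }
    return $next;
}

function lifeRun(array $grid, int $generations): array
{
    for ($i = 0; $i < $generations; $i++) {
        $grid = lifeStep($grid);
    }
    return $grid;
}

/** Reproducible pseudo-random starting grid (the "password picture"). */
function seededGrid(int $n, int $seed): array
{
    mt_srand($seed);
    $grid = [];
    for ($y = 0; $y < $n; $y++) {
        for ($x = 0; $x < $n; $x++) {
            $grid[$y][$x] = mt_rand(0, 1);
        }
    }
    return $grid;
}

/**
 * Largest toroidal Chebyshev distance from the flipped cell ($fx,$fy) to any
 * cell where the two grids differ; -1 if they are identical. Life's "speed
 * of light" means this can never exceed the number of generations run.
 */
function spreadRadius(array $a, array $b, int $fx, int $fy): int
{
    $n = count($a);
    $radius = -1;
    for ($y = 0; $y < $n; $y++) {
        for ($x = 0; $x < $n; $x++) {
            if ($a[$y][$x] !== $b[$y][$x]) {
                $dx = min(abs($x - $fx), $n - abs($x - $fx));
                $dy = min(abs($y - $fy), $n - abs($y - $fy));
                $radius = max($radius, $dx, $dy);
            }
        }
    }
    return $radius;
}

/** Differing bits between two equal-length byte strings. */
function hammingDistance(string $a, string $b): int
{
    $bits = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $bits += substr_count(decbin(ord($a[$i]) ^ ord($b[$i])), '1');
    }
    return $bits;
}

$n = 32;
$gens = 10;
$grid = seededGrid($n, 12345);
$flipped = $grid;
$flipped[16][16] ^= 1; // the one-bit change to the "password"
$radius = spreadRadius(lifeRun($grid, $gens), lifeRun($flipped, $gens), 16, 16);
printf("Life: after %d generations the change reached at most %d cells away (bound: %d)\n",
    $gens, $radius, $gens);

$msg = str_repeat('A', 16);
$msgFlipped = $msg;
$msgFlipped[8] = chr(ord($msg[8]) ^ 0x01); // flip one input bit
printf("MD5: one flipped input bit changed %d of 128 output bits\n",
    hammingDistance(md5($msg, true), md5($msgFlipped, true)));
```

Whatever the seed, the Life radius is bounded by the generation count, so on a 100x100 board a change near one edge cannot influence the far edge until roughly 100 generations have passed, and with a sparse or dying colony it may never get there at all. A cryptographic hash is designed so that every output bit depends on every input bit after a single application, which is the property the comment is describing; measuring the MD5 Hamming distance above shows roughly half of the output bits changing from a single flipped input bit.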
-
Re:Karma
But aren't they also contributing significantly to the Mono project?
(Before someone says "Mono is evil and helps MS" I'm not so sure. If it does Wine certainly does too, but no-one raises a fuss about Wine, and being able to run my .NET apps on Linux definitely seems like a good thing for reducing ties to Windows to me.)
They did make a deal which, in part, involved patent disputes with Microsoft regarding Linux, but unless there's a way that it "legitimizes" those claims in a legally tangible way I don't see why that's a problem. (And I haven't seen any reason why Novell getting protection against patent suits from Microsoft would affect the legal status of code external to Novell. It seems like paranoia to me.)
-
Re:Eclipse PDT?
It is all workable, once you get Eclipse working it'll work from that point on. I wrote a guide on setting up debugging, it took a while but once you've done it once you're set, and you're not out by $xxx dollars per year.
-
Re:Links to all drawings
I had to have these for my background rotation; in case anyone else wants them too, here are the JPGs from those PDFs:
http://kestas.kuliukas.com/NuclearReactors-Scaled.zip - Scaled to a little larger than desktop size, 90% quality (artifacts not noticeable) 6mb
http://kestas.kuliukas.com/NuclearReactors-Full.zip - Full size 100% quality 55mb (will take ~30 minutes)
-
Re:That wooshing sound....
I wrote this tool so that users have to register their e-mail before entering their user/pass/profile data. This way you don't get any wasted database space, and it doesn't need any file/database storage to remember codes: "Easy e-mail verification"
-
Re:That wooshing sound....
I dealt with the problem by replacing the captcha with my own: "EasyCaptcha.php, for phpBB 2/3"
I made the captcha so it doesn't need database/files to store codes, and it's dead simple and can be inserted anywhere. It stopped spam dead on two forums which were getting a constant barrage of spam, without having to add confusing tricks to the registration page.
-
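Both of the comments above describe codes that need no database or file storage on the server. The comments do not say how the author's "Easy e-mail verification" or EasyCaptcha tools achieve that, so the following is an added example of one standard construction, not the author's code: the code is an HMAC over the thing being verified plus an expiry time, and the server only keeps a secret key and re-derives the tag when the user comes back. The key, the clock values, the URL and the function names are constructed for this example.

```php
<?php
// Added example (not the author's "Easy e-mail verification" or EasyCaptcha
// code, whose internals the comments above don't describe). It shows one
// standard way to get a code that needs no database or file storage: an HMAC
// over the thing being verified plus an expiry time. The server only keeps a
// secret key and re-derives the tag on submission. Key and timestamps are
// constructed placeholders.

const TOKEN_SECRET = 'replace-with-32-plus-random-bytes'; // placeholder key

/** Issue "expiry.tag" for a claim such as an e-mail address or captcha answer. */
function issueToken(string $claim, int $now, int $ttl): string
{
    $expires = $now + $ttl;
    $tag = hash_hmac('sha256', $expires . '|' . $claim, TOKEN_SECRET);
    return $expires . '.' . substr($tag, 0, 32); // 128-bit tag is ample
}

/** Re-derive the tag for the claim the user presents and compare in constant time. */
function verifyToken(string $claim, string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || strlen($parts[1]) !== 32) {
        return false;
    }
    $expires = (int) $parts[0];
    if ($expires < $now) {
        return false; // expired
    }
    $expected = substr(hash_hmac('sha256', $expires . '|' . $claim, TOKEN_SECRET), 0, 32);
    return hash_equals($expected, $parts[1]);
}

// E-mail verification: put the token in the confirmation link; on click,
// verify against the address the user supplies, then create the account.
function emailVerificationLink(string $email, int $now): string
{
    $token = issueToken('email:' . strtolower($email), $now, 24 * 3600);
    return 'https://example.invalid/verify?email=' . rawurlencode($email) . '&token=' . $token;
}

function checkEmailToken(string $email, string $token, int $now): bool
{
    return verifyToken('email:' . strtolower($email), $token, $now);
}

// Captcha: render the answer as an image, send the token in a hidden field,
// and check the submitted answer against it. No session or table needed.
function captchaChallenge(string $answer, int $now): string
{
    return issueToken('captcha:' . strtolower($answer), $now, 10 * 60);
}

function checkCaptcha(string $answer, string $token, int $now): bool
{
    return verifyToken('captcha:' . strtolower($answer), $token, $now);
}

$now = 1700000000; // constructed clock for the demo
$token = captchaChallenge('k7q2x', $now);
var_dump(checkCaptcha('k7q2x', $token, $now + 30));      // right answer, in time
var_dump(checkCaptcha('wrong', $token, $now + 30));      // wrong answer
var_dump(checkCaptcha('k7q2x', $token, $now + 11 * 60)); // past the expiry
echo emailVerificationLink('alice@example.com', $now), "\n";
```

The `email:` and `captcha:` prefixes keep a token issued for one purpose from being accepted for the other, and `hash_equals()` avoids leaking the tag through timing. The trade-off of going storage-free is that a token stays valid until it expires, so the same captcha answer can be resubmitted within the ten-minute window; if that matters, remember used tokens (which reintroduces storage) or keep the window short. Rotating `TOKEN_SECRET` invalidates every outstanding code at once.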
Re:Only $427.33 on eLance
I bet if you put the specs on eLance, there'd be a company in Romania somewhere bidding to do it for about $427.33, give or take a few dollars :)
I've had my open source code plagiarized and sold on as their own work by a Romanian "development" company called fyb.ro (though they sold it on for ~$4000 and my code is rather less than the Linux kernel), but in principle I actually wouldn't be surprised at all. :-)
-
Re:blizzard, wow patcher
I agree that .NET is excellent, and I'm a huge fan of C#, but if you want to get something that's about as good as VS.NET Express for PHP, Java, Perl, Python, and a large range of other languages (with debugging, project management, etc.) check out Eclipse.
It's a nightmare to set up debugging with PHP, which is why many cave in and buy Zend Studio Pro for $299, so I wrote this text which helps walk people through it.
Now I don't feel the huge gap between IDEs for open languages and .NET languages.
-
Let us pray for them
All rise to say a prayer for the damned.
Our search engine, Who art in California
Defined in the dictionary be Thy Name;
Thy profits come,
No evil be done,
in China as it is in the US.
Give us this day our daily hits,
and forgive us our gratuitous links,
as we forgive those who gratuitously link on our sites;
and lead us not into porno,
but deliver us from evil. Amen.
-
Re:OpenBSD PF
I've written an article on configuring PF, so I'm not speaking out of ignorance, and I really like PF and use it for my home firewall, so I don't speak out of spite...
But PF isn't really suitable for a firewall that will be moderately complex. Even in my home LAN I feel the strain of PF's simplicity. The syntax truly is elegant and readable, but it's also inflexible.
- You can't queue outgoing packets. This means to do outbound traffic shaping you need to queue upload speed on the incoming interface, which is a messy hack that can't queue packets addressed to the gateway itself.
- You can only tag packets with one label. If you're translating packets you can only tell what the translated packet is on the other interface using a single tag.
- You can't change rules on the fly with switches; you have to load new rulesets. I have to use cron to invoke sed to create PF rulesets for different times of the day from a template ruleset.
Don't let me turn you away from PF; it is perfect for simple cases, but as your needs get more complex you find yourself in the much feared situation of having to change to a different solution, but having to throw away a lot of time invested in good firewall rules to do so.
If you think your needs will scale I'd recommend IPFW. Instead of having a stream of packets come in, and passing through rules until it reaches the end (or a pass/block quick), it uses an elegant system whereby you channel packets into different chains of rules.
If you imagine a stream of packets coming in you can tell all TCP packets, say, to switch to a certain point in the rules, and UDP to go to another section. You might then break up the TCP stream into different ports heading to different services, and then into streams coming from different subnets. You can translate packets with NAT, and then the packet will continue in the ruleset at the point it left off.
This way can be more daunting at first, but as the complexity of your ruleset increases it becomes far more logical, practical and readable.
So I'd say choose between PF and IPFW depending on how complex you expect your ruleset to become.
-
Casio Color Power Graphic 32kB
Here in Australia this is the standard issue graphics calculator: http://www.office365.co.uk/im/pim/354946.jpg
It's very easy to use, has 3 colors so you can make out different functions which are graphed. You can enter lists and generate statistics, scatter graphs, manipulate matrices, graph functions, recursive formulae, do complex arithmetic, etc, etc.
But best of all is it has a very nice programming environment with an easy to use, rich API for doing just about anything you might regularly do manually (including all the graphing, matrices, etc, above).
You can write programs, store them, and execute them from within the "console", or just enter programs directly into the console.
The language reminds me of BASIC; here are two programs I wrote while bored back in high school: Game of Life, BF language interpreter.
-
Whose fault? Zend's
I've audited quite a lot of PHP, written an article on PHP security from the hacker's perspective, and done quite a lot of PHP development, and I've never come across a security problem that you could blame the developers for!
It's always the developer assuming something about PHP or the PHP environment but getting it wrong; you can argue that the developer should know, but there are so many gotchas in PHP, you have to be an expert to be aware of them all. (I've listed some in a previous post on /., and won't repeat myself here.)
This isn't right for any language, but a language which web applications run on?! The most hostile environment to develop for is not the place for a language that makes it so easy to trip up!
The fault, for the vast majority of PHP security problems, is completely Zend's. Zend needs to give security priority over backwards compatibility, and get rid of all of their problems that developers repeatedly trip up on.
-
Diplomacy
Diplomacy. Avalon Hill's board game Diplomacy is a classic that fits the Internet like a hand in a glove, and that's why there are zillions of e-mail games going on as we speak; not to mention discussion groups, Gopher sites, Web pages, and quite a few utilities. Modern-day Machiavellis will find their electronic home right here (in rec.games.diplomacy).
They got this one right, but I think web 2.0 fits it even better than e-mail. (then again I'm a bit biased)
-
Re:Not up-to-date on PHP security . . .
I've written lots of PHP code in my spare time, and have written an article on creating "rootkits" to covertly inject into PHP scripts (phpBB2 in particular), so I thought I'd chime in. This'll probably be a long post but hopefully it'll give people some things to look out for.
Here are the most common security problems you run into in PHP:
- magic_quotes: This adds slashes to all input so that you don't have to sanitize it before it gets inserted into SQL. The problem is that developers write their code with magic_quotes on, but don't realize that it's often turned off elsewhere, which leads to gaping holes.
- register_globals: Variables can be placed directly into the global namespace. If you don't explicitly set all variables before using them anything can be injected into them, which brings me on to:
- Only critical errors are reported: If you use a variable which isn't set it'll just return null, with no error (unless you specifically turn up the error_reporting level). This means that someone who isn't familiar with the problem won't know that a variable in their script can be written to by anyone until it's being exploited; functions which you would expect to return an error and halt the script if they fail can carry on without giving any indication of failure.
- fopen_urls: By default you can include scripts hosted on other websites! This often makes remote PHP execution, which would otherwise require eval(), much easier.
Who would have thought "<?php include($var.'/include.php'); ?>" will run any PHP on any server, anywhere? (The attack in the article above leveraged entry using this, coupled with register_globals.)
- Inconsistencies: What one function does can never be applied to what another function does; you can never assume anything with the PHP library and always have to keep a browser window with the PHP manual handy. Using a function without carefully reading up what it does, even when it's very similar to another function you're familiar with, is asking for trouble in PHP.
The same goes for just about everything; are you checking whether some input equals some harmless number before passing it on to a SQL query or the browser? Don't forget that (5 == "5 UNION SELECT secret FROM ..."), null == 0 == "" == false, "a" == 4 == true; generally you just have to be on your toes.
- Input checking is difficult: Do you want htmlentities() or htmlspecialchars()? Have you remembered to stripslashes() if magic_quotes is on? Remember the user can input arrays too; are you checking that the input isn't an array? Have you remembered to escape queries with mysql_real_escape_string()? mysql_escape_string() doesn't account for the character set being used, and so isn't good enough; trying to escape input for yourself is also dangerous. What about null bytes? Remember that the user can input binary data; PHP allows null bytes, and will add a slash to them, but when you send a string with null bytes to some functions, but not others, the null bytes will be silently dropped leaving only slashes.
To check input in PHP you have to be absolutely rigorous and take no half measures; people who aren't aware of the dangers don't stand a chance.
To be honest I'm a big fan of PHP, it's very flexible and lets you develop very quickly and easily; if you have the knowledge and self discipline it's an excellent language. But allowing fast, easy development at the cost of security is insane for a server-side web scripting language!
I was hoping that PHP6 was all about doing a 180 degree turn on security, but this article doesn't bode well...
-
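The post above lists the pitfalls but leaves the rigorous checking it calls for to the reader. The following is an added example, not the author's code, of how those checks look for one integer request parameter and one free-text field in PHP: reject anything that is not a string (so array input via `?id[]=1` fails), reject null bytes, require digits before casting, bind the value with a prepared statement instead of escaping it into the SQL string, and escape only at output with an explicit charset. The function names, the `topics` table and its columns, and the PDO usage are hypothetical; the query function shows the pattern and needs a live connection to run. On the loose comparison the post quotes: before PHP 8, `5 == "5 UNION SELECT ..."` is true because the leading-numeric string is read as the number 5; PHP 8.0 changed int-to-string comparison so that it is false, but a check on the input's type and form does not depend on the interpreter version either way.

```php
<?php
// Added example (not the author's code): applying the post's advice to one
// integer request parameter and one free-text field. Function names, the
// table and column names, and the PDO usage are hypothetical; the query
// function is shown for the pattern and needs a live connection to run.

/**
 * Accept an id only as a string of ASCII digits. Rejects arrays (PHP builds
 * one from ?id[]=1), empty strings, null bytes, spaces and "5 UNION ..." style
 * values that only pass a loose == comparison. Length cap keeps (int) exact.
 */
function strictId($raw): ?int
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 10 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

/** Free text: string only, bounded length, no null bytes, valid UTF-8 (needs mbstring). */
function cleanText($raw, int $maxLen): ?string
{
    if (!is_string($raw) || strlen($raw) > $maxLen || strpos($raw, "\0") !== false) {
        return null;
    }
    return mb_check_encoding($raw, 'UTF-8') ? $raw : null;
}

/** Output escaping for HTML text nodes and quoted attributes; charset stated explicitly. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Parameterised query instead of hand-escaping into the SQL string. */
function loadTopic(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM topics WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The loose comparison the post warns about, next to the strict check.
$hostile = '5 UNION SELECT secret FROM users';   // constructed hostile value
var_dump(5 == $hostile);        // loose ==: outcome depends on the PHP version
var_dump(strictId($hostile));   // not all digits
var_dump(strictId(['5']));      // array input
var_dump(strictId('5'));        // a plain id
var_dump(cleanText("abc\0def", 100)); // embedded null byte

// Typical request flow: validate, bind, escape at output.
// $id = strictId($_GET['id'] ?? null);
// if ($id === null) { http_response_code(400); exit; }
// $topic = loadTopic($db, $id);
// echo '<h1>' . h($topic['title']) . '</h1>';
```

Checking `is_string()` first handles the array case the post mentions, and refusing null bytes up front sidesteps the inconsistency it describes where some functions drop them and others keep them. Binding the integer through PDO removes the `mysql_escape_string()` versus `mysql_real_escape_string()` question entirely, since the value never becomes part of the SQL text.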
Lack of backwards compatibility
phpBB, vBulletin, mysqladmin, postnuke, phpDiplomacy (shameless self promotion), etc, etc; none will work until they've been ported to the new PHP5 OO model, and once they've been ported they won't work on PHP4.
They should leave in backwards compatibility for the class based OO model which <PHP5 uses. Once they bring out PHP6, PHP5 will be the only version which runs new and legacy PHP scripts, so PHP5 will clearly become the standard for a long time.
I'm a big fan of PHP, but with so many apps (e.g. my university's timetabling app) still in PHP3, all the rest in PHP4, both becoming obsolete, changes to the API, even changes to what's allowed within the same version; I'm starting to wonder if I should have focused on a more stable language like Python or Perl instead.