It Seems I’ve Been Wasting My Time…

…not to mention lots of tin foil.

Posted in General | Tagged | Leave a comment

Securing WordPress Sites

This is another in my series of posts about keeping my blog (and yours) free from malware. Victor Granic over at switchwp has an excellent and reasonably comprehensive post on securing WordPress sites. I came across his post via Sacha Chua’s notes on WordCamp Toronto 2012.

Along with the usual good advice such as keeping WordPress up to date, Granic suggests such things as changing the name of the administrator’s account to help foil automatic exploit tools, setting up comprehensive logging, changing the database table prefix, and setting up SSL mutual authentication for access to the administration screen.

Another useful piece of advice is to install the WordPress Exploit Scanner, Login Security Solution and VaultPress security plugins. He also gives some pointers to further resources for learning how to harden your WordPress site.

If you have a WordPress site you should definitely take a look at this guide. It’s full of good advice and things that you may not have known or thought of. Recommended.

Posted in General | Tagged | 1 Comment

Reader Macros

J.V. Toups over at Dorophone has a nice, short introduction to Common Lisp reader macros. The conventional wisdom is that it’s best to avoid reader macros when you can and the use cases that Toups examines probably fall into that category but they do serve to present some interesting examples that show how reader macros work.

If you’ve ever wondered what reader macros were all about or how they work, this is a good introduction. If you want more, you can get it from Paul Graham’s On Lisp or Doug Hoyte’s Let Over Lambda both of which discuss reader macros.

Posted in Programming | Tagged , | Leave a comment

Editing A Column of Numbers

Alex Schroeder has an interesting post on editing a column of numbers. The problem is that given some text such as

|[[...]]     |   1 |          6563|     3796|   |[[...]] | — |
|[[...]]     | 1/3 |          2315|     1259|   |[[...]] | — |
|[[...]]     | 1/3 |           159|      607|   |[[...]] | — |
|[[...]]     | 1/3 |           159|      597|   |[[...]] | — |

add 56 to the numbers in the third column. Schroeder’s solution is to use query-replace-regexp with a complicated regular expression that selects the numbers in the third column and replaces them with

\,(+ 56 \#2)

That’s a nice solution and has the virtue of using only core Emacs functionality so that it will work with any Emacs. The only problem is that nasty regular expression. It’s not really that hard but has lots of room for error and will probably take most people a couple of tries to get right.

Later, I stumbled upon a post from the invaluable Mickey over at Mastering Emacs on iedit that looked like it might do the job in an easier way. iedit-mode is much like Magnar Sveen’s mark-multiple package. They both allow you to mark identical pieces of text and then modify them all at once. The difficulty for the problem at hand is that the numbers are not the same and neither iedit nor mark-multiple work with regular expressions.

Sveen, however, does have a wonderful solution with his spectacular multiple-cursors package. It has a mode that allows you to select a rectangle and then operate on each line of the rectangle together. You can see a similar example in operation by watching Sveen’s Emacs Rocks! Episode 13 (it’s at the end of the video). The idea is to select the numbers in the third column and edit them into a sexpr that adds 56. For example, the 6563 in the first row becomes (+ 56 6563). With multiple-cursors all the rows are changed in parallel.

Finally, we call eval-and-replace to replace the sexprs with their values. This is a truly beautiful solution: quick, easy, and hard to get wrong. Of course, you do have to load extra packages. First you need multiple-cursors. That’s an easy ELPA load from Marmalade and something every Emacs expert should have in their toolkit. You’ll also need eval-and-replace. That function is available in many Emacs predefined configurations such as the the Emacs starter kit but it’s definition is simple. Here’s my version: it’s only 5 lines so you can just grab it and plop it into your .emacs or init.el.

The bottom line is that you can always solve problems like this using Schroeder’s solution in any Emacs installation but if you have a little bit of extra help loaded, the solution is trivial.

Posted in General | Tagged | Leave a comment

More Common Lisp Tweets

Jean-Philippe Paradis has announced a “massive reorganization” of his Common Lisp tweets collection. He’s also added 200 about 70 new tweets to the collection for a total of almost 200.

In the past, I’ve recommended going to his site for your browsing enjoyment and I still think that’s a good idea but, really, if you’re a Lisper you probably should follow him on Twitter. He usually has at least a couple of tweets every day so he keeps things interesting without overwhelming his followers. If you’re not on Twitter or you don’t want to follow him for some reason, you can still see his tweets by going to his Twitter page.

Update: Corrected the number of new tweets per Jean-Philippe Paradis.

Posted in Programming | Tagged , | 1 Comment

Computer Attacks in Real Time

BetaBeat has a fascinating article (via The Atlantic Wire) on a Honey Pot project that allows you to watch attacks as they happen. Every time there’s an attack, a red dot explodes on a world map at the source of the attack. A yellow dot explodes at the target site. A text box at the bottom shows more data on the attacking site, although the rate of attack is so rapid that it’s hard to read the text as it scrolls by.

As BetaBeat says, it’s hard not to mouth exploding sounds as you watch the map. It’s insanely easy to waste several minutes just staring at the action. It’s almost like an over-the-top action movie. Be sure to read the BetaBeat (or Atlantic Wire) article for some help on interpreting the display and then go on over and be amazed.

Posted in General | Tagged | Leave a comment

NIST Announces SHA-3

NIST just announced the winner of the SHA-3 competition: it’s Keccak. The Keccak hash uses a completely different strategy from the SHA-2 family, something that most analysts view as an advantage.

It’s not clear how quickly Keccak will be integrated into the infrastructure. As Bruce Schneier explains, there’s still a lot of life left in the SHA-2 family and the sense of urgency that experts felt when the contest was announced in 2006 has abated somewhat in the interim. Schneier, in fact, is recommending that we stick with SHA-512 for the time being.

Congratulations to the Keccak team and to NIST. NIST ran an excellent competition and the finalists were all great hash functions. As Schneier says, any of the finalists would have been fine.

Posted in General | Tagged | Leave a comment

SBCL 1.1.0

SBCL 1.1.0 has been released and is available from the SBCL Download page. Although they have brought the OS X binary up to date, I chose to compile from source. The compilation ran without difficulty and as far as I can tell from my limited use so far, it runs without any problems.

If you check the News page for what’s changed, you’ll find that the release is a combination of enhancements and bug fixes as well as an added section to the manual that discusses random number generation. Congratulations to the SBCL team on their achievement of the 1.1 milestone.

Posted in Programming | Tagged , | Leave a comment

Stop!

Please. Stop. This. I’ve asked, nicely, previously. Now I’m getting annoyed. I’ve said it before: If you want Python, you know where to get it.

Posted in General | Tagged , | 6 Comments

An Analysis of PIN Numbers

Over at Data Genetics there’s a great analysis of PIN numbers. By aggregating data from several breaches Nick Berry gathered 3.4 million PIN numbers and performed extensive analysis on them. Every possible value was represented in the sample but they were far from uniformly distributed. It will be no surprise to regular Irreal readers that the most common PIN was 12341 at almost 11%. Incredibly, the top 5 (1234, 1111, 0000, 1212, 7777) account for over 20% of the PINS. In terms of the iPhone and its automatic wipe after 10 failed PINS, an attacker has an over 23% chance of getting the correct PIN just by guessing the most popular ones.

There’s a lot more to Berry’s analysis than the most/least popular pins. The post is long and detailed and has a huge amount of information. If you use PINS (and who doesn’t?) I really recommend that you take a look at this post. PINS, of course, are not particularly secure but they are used all over the place and there’s no reason to be using an obvious one. Consider this. If a random person loses his ATM card, a dishonest finder has an over 18.6% chance of picking the correct PIN in 3 tries by guessing 1234, 1111, and 0000. Would your account be disgorging funds?

Footnotes:

1 Unless you’re the French Central Bank, in which case your pin is 123456.

Posted in General | Tagged | Leave a comment