Disqus - Latest Comments for anelson

Re: What’s the password…haddock?

anelson — Sat, 11 Apr 2009 13:10:05 -0000

Don't disagree. As with so many security considerations, it comes down to one's threat model and an analysis of risk.

Maybe you don't need 256 bits of "military grade" security. That's fine; most people probably don't. If you do, a passphrase is probably not ever going to be sufficient anyway, since I've never seen a generator that strong that produced anything I could remember reliably.

But nonetheless, it's worthwhile to know how strong or weak a particular component is, so you can make an informed decision as to your risk tolerance.

Re: What’s the password…haddock?

anelson — Fri, 10 Apr 2009 20:02:36 -0000

This is cool, thanks for posting.

I've played with a few different ways to generate passwords/phrases, with a particular focus on quantifying the strength of the results in terms of bits, where a password generating algorithm with strength n bits generates as many possible passwords as there are possible values of an n-bit symmetric cipher key. I like to do this because it makes it easy to determine if a password is strong enough to protect, say, a 256-bit AES key.

Generally, it's really hard to create memorable passwords anywhere near that strong; at least, I've never found a way. I wrote a quick script to see how strong your algorithm was at various lengths; the results are posted at http://apocryph.org/2009/04... if you're interested.

Re: The Windows Security Model Is Ridiculous | apocryph.org

anelson — Wed, 03 Dec 2008 21:32:07 -0000

I'm afraid I can't share the code, but I can point you in the right direction:

Given a username, domain, and password:

* Call LogonUser to log the user on and get a token. Note you must have the Act As Part of the Operating System priv to do this. My code attempts both LOGON32_LOGON_SERVICE and LOGON32_LOGON_INTERACTIVE
* Call GetTokenInformation to get the SID of the user
* Call GetTokenInformation to get the token groups
* Use AllocateAndInitializeSid to construct the SID corresponding to the built-in administrators group (2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)
* Iterate through the token group SIDs and use EqualSid to compare each one to the build-in admins group sid; if you find a match, the user is a local admin

Hope this helps...

Re: WTF is Powershell For? | apocryph.org

anelson — Wed, 26 Nov 2008 19:57:01 -0000

Thanks, I'm glad I'm not the only one!

Re: Project Idea: Face detection in Gallery2 | apocryph.org

anelson — Sat, 22 Nov 2008 23:44:32 -0000

Yes, I figured that out too.

I had the same thought RE training an Orwellian face recognition system. Picasa is further along on this, and actually does detect faces and match them to people. Scary.

Re: The "free" gas card scam | apocryph.org

anelson — Sat, 22 Nov 2008 23:43:24 -0000

There is no fine print. Show me where on the "free" gas card it says, in tiny little print, "this isn't actually a free gas card at all, and unless you spend $100/mo on gas you'll actually get nothing from this card". If there was, ppl wouldn't be as easily tricked, and the scam wouldn't work.

Re: May have identified FiOS router slowdown problem | apocryph.org

anelson — Fri, 21 Nov 2008 11:49:35 -0000

I suggest you put the router into Bridged mode as I noted in the update at http://apocryph.org/finally... . Since I've done this, it turns the router into a glorified network interface card, and I let me OpenBSD firewall do the NATing. Now I can saturate the pipe with no problems.

Re: Finally getting 21st century entertainment gear | apocryph.org

anelson — Mon, 10 Nov 2008 23:18:55 -0000

Well, my office is tidied up since you saw it, and I'm thinking of taking out the recliner and putting in a small couch. The TV will go where my whiteboard is, and should be big enough to view comfortably from the other side of the room.

Re: A more in-depth analysis of Ruby HTTP client performance | apocryph.org

anelson — Mon, 10 Nov 2008 18:37:34 -0000

I didn't think so, but I just checked and sure enough, there is a binary gem for version 0.12.0. Thanks for pointing that out.

Re: A more in-depth analysis of Ruby HTTP client performance | apocryph.org

anelson — Mon, 10 Nov 2008 10:08:09 -0000

A flurry of warnings, followed by:

In file included from rev_loop.c:9:
/home/anelson/ruby19/include/ruby-1.9.0/ruby/backward/rubysig.h:14:2: warning: #warning rubysig.h is obsolete
In file included from rev.h:11,
from rev_loop.c:14:
/home/anelson/ruby19/include/ruby-1.9.0/ruby/backward/rubyio.h:2:2: warning: #warning use "ruby/io.h" instead of "rubyio.h"
rev_loop.c: In function 'Rev_Loop_ev_loop_oneshot':
rev_loop.c:211: error: 'RB_UBF_DFL' undeclared (first use in this function)
rev_loop.c:211: error: (Each undeclared identifier is reported only once
rev_loop.c:211: error: for each function it appears in.)
rev_loop.c:287:2: warning: no newline at end of file
make: *** [rev_loop.o] Error 1

I admit I didn't spend a whole lot of time looking into it, though I at least got as far as getting libev installed.

Re: A more in-depth analysis of Ruby HTTP client performance | apocryph.org

anelson — Sun, 09 Nov 2008 23:09:10 -0000

Indeed. The more I learn how shitty the stock 1.8.6 HTTP client impl is, the more surprised I am that I haven't read more about it. It's basically useless if you're doing any sort of HTTP interface on the server side, particularly with miserly shared hosts. Really lame.

Re: Thoughts on the Presidential Election | apocryph.org

anelson — Sat, 08 Nov 2008 19:47:40 -0000

Thanks John. For whatever it's worth, I don't count you among the execrable ranks of the Rationally Ignorant, support for the Evil One notwithstanding :)

Re: Thoughts on the Presidential Election | apocryph.org

anelson — Sat, 08 Nov 2008 14:46:04 -0000

I'm afraid you have it wrong. The narrative has hatred torwards thy neighbors derived from antipathy towards those who don't look like me. The religion bit is just a backwards way of understanding the world, and doesn't really impact hatred one way or the other.

Re: Migrating gallery from Gallery2 to Flickr | apocryph.org

anelson — Tue, 28 Oct 2008 11:41:15 -0000

Yes, but the upload utility is teh suck, so you'd need to find a third-party app to do backups.

Also, the video is limited to 150MB and as far as I can tell is transcoded into FLV. So those HD family movies will have to go elsewhere.

Re: Creating DevExpress.NET toolbox icons for non-admin users | apocryph.org

anelson — Sun, 26 Oct 2008 13:18:13 -0000

Well, one could argue that UAC in Vista is conceptually similar to sudo, inasmuchas one runs w/o admin privs most of the time.

MakeMeAdmin actually emulates UAC more than it does sudo. With sudo, you're allowed to run some/all commands as 'root', once you reauthenticate. With UAC and MakeMeAdmin, you do everything as your user account, which simply enjoys elevated privs once in a while.

Frankly, as a concept I prefer UAC/MakeMeAdmin, since it's a bit more seamless, but the implementation leaves a LOT to be desired. I'd happily take a solid 'sudo' implementation if Windows offered one.

Re: Achieving maximum TCP performance on Windows XP/2k3 | apocryph.org

anelson — Wed, 22 Oct 2008 14:16:03 -0000

Thanks Mark I'll give thata go.

Re: "Gem::SourceIndex#search support for Regexp patterns is deprecated" from Rails after upgrading to RubyGems 1.3.0 | apocryph.org

anelson — Wed, 22 Oct 2008 11:32:22 -0000

Yeah, I also fixed it by downgrading to gems 1.2.0. It just seems...wrong to have to do that. Don't they test gems before they release it? Or is this a naming and shaming gambit to get gems like rails off of the deprecated functionality? I don't know, but it's irritating.

Re: An analysis of Ruby 1.8.x HTTP client performance | apocryph.org

anelson — Thu, 16 Oct 2008 09:51:54 -0000

Good idea. I have some further testing I want to perform with some more implementations, but when I'm done I'll try to put something together.

Re: An analysis of Ruby 1.8.x HTTP client performance | apocryph.org

anelson — Wed, 15 Oct 2008 18:51:22 -0000

Yes, in fact curb is one of the implementations I tested in the article. It turned in outstanding performance, though not much faster than the all-Ruby rfuzz implementation.

Re: Set up OpenID Delegation on Drupal | apocryph.org

anelson — Tue, 14 Oct 2008 10:10:29 -0000

iirc, the delegation stuff has a per-user option, though I'm not using it that way.

Re: Absolutely bullshit Ruby HTTP client situation | apocryph.org

anelson — Mon, 06 Oct 2008 21:50:03 -0000

Since we're discussing obscure vocab words which one only uses to sound smart, here are a couple more:

* pedant - One who dwells incessantly upon insignificant minutia to the exclusion of relevant details. For example, counting occurrences of the word "ameliorate" is pedantic.
* ad hominem - A latin phrase which roughly translates to 'being a douchbag'. An ad hominem attack (such as, for example, "you're batshit insane") has no rhetorical value and as such is often a last resort of the ignorant.

Don't get me wrong. It's awesome you actually took the time to read some of my blog postings before taking pot shots. You're probably one of only a handful of people to read my civic SI holster compatibility complaint. You could just stand to be a bit less of an ignoramous.

Re: An analysis of Ruby 1.8.x HTTP client performance | apocryph.org

anelson — Sun, 05 Oct 2008 19:19:20 -0000

I originally intended to run my test rig under 1.9 as well, but I ran into some trouble building it so I stuck with 1.8.x. I did review the 1.9 code enough to see the Net/HTTP impl is largely unchanged, but I have to assume the other performance improvements will make a difference. I'll definitely try it at some point.

Re: An analysis of Ruby 1.8.x HTTP client performance | apocryph.org

anelson — Sun, 05 Oct 2008 11:31:47 -0000

Indeed. I see no reason Ruby can't approach native speed for I/O bound tasks, provided the author does his part regarding buffer management and such.

Re: Moving to Future Hosting, Part III | apocryph.org

anelson — Tue, 30 Sep 2008 14:48:51 -0000

rails_user wrote:
>How did you fix
>It spit out an annoying error: /usr/lib/ruby/gems/1.8/gems/rails-2.1.1/lib/rails_generator/lookup.rb:211:in `each’ is outdated

I didn't fix it. I haven't yet figured out why that happened. It didn't seem to hurt anything, so I left it for another day.

Re: Absolutely bullshit Ruby HTTP client situation | apocryph.org

anelson — Mon, 29 Sep 2008 16:06:50 -0000

Cool. I've actually taken your advice and started poking around the ruby sources. Ruby 1.9 grows the buffer to 16K, which will likely ameliorate the problem, but the timeout implementation is quite horrifying.

If I get time this week I'll try making various modifications to the library source code to see about improving performance.