Started my internship at Nikhef
About two weeks ago I started my internship at Nikhef, the Dutch institute for subatomic physics. Up until now it has mostly been a dizzying experience. I'm learning to cope with a whole new world, namely that of Grid computing. That wiki page is actually not very specific as to scale, so perhaps the GridPP introduction page can convey it better. Nikhef (together with SARA) has a Tier-1 site, which means they can provide computing power and storage for one tenth of the data generated by the LHC experiments. If nothing else, this map showing the grid sites should impress you.
But you still know nothing of my tiny, (so far) insignificant role in all this. It's to design and develop the EES. It involves the redesign of an existing (sudo-like) pluggable software library that should be backwards-compatible. And oh yeah, it's in C. I hope now you'll understand why I feel like my head is spinning. I've just about given up on reading all the related articles linked from the LHC Wikipedia entry in my first week. I feel right in my place, but not very useful yet. The Grid infrastructure is so huge I only have a vague, high-level idea of how it's all supposed to work. I have heard new acronyms every day for the past two weeks, most of which are still kind of lacking a real definition for me. In the meantime I've been coding several prototypes (more like examples, or exercises) of how parts of the project should work.
Blogging everything I learn there would be impossible, but you can follow me on Twitter to keep up with my progress. My direct supervisor / boss is also on there. I hope to get out a blog post again every week or so.
Nikto web site scanner
Today I was looking for an automated way to find any security-related server misconfigurations on my website, and found a really nice tool called Nikto that does just that.
In fact it was so helpful it showed me I was doing directory indexing through Apache where I didn’t want to.
Here is an example of its use.
    aczid@aczid:~$ nikto -host blog.aczid.nl
    ---------------------------------------------------------------------------
    - Nikto 2.02/2.03 - cirt.net
    + Target IP: 127.0.1.1
    + Target Hostname: blog.aczid.nl
    + Target Port: 80
    + Start Time: 2009-01-25 0:16:00
    ---------------------------------------------------------------------------
    + Server: nginx/0.6.32
    + OSVDB-0: Retrieved X-Powered-By header: Phusion Passenger (mod_rails/mod_rack) 2.0.6
    - /robots.txt - contains 1 'disallow' entry which should be manually viewed. (GET)
    + OSVDB-0: GET /?mod=some_thing&op=browse : Sage 1.0b3 reveals system paths with invalid module names.
    + OSVDB-3092: GET /sitemap.xml : This gives a nice listing of the site content.
    + OSVDB-3092: GET /archives/ : This might be interesting...
    + OSVDB-3092: GET /stats/ : This might be interesting...
    + 2967 items checked: 6 item(s) reported on remote host
    + End Time: 2009-01-25 0:16:00 (23 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested
And remember, Gort! Klaatu barada nikto!
Keystroke Dynamics Ruby gem
The KSD gem 0.0.1 is out! This is my simple keystroke dynamics library for Ruby GTK widgets. Developers can help out on GitHub.
Here are some screenshots of the included examples.

Enroll with login
or

Enroll with sentences

Try to log in
If you do it right, you will see something like:
    Verified user aczid with mean accuracy of: 0.585
    Logged in successfully!
Update: Apparently somebody in China found this cool enough to blog about it! (translated)
Digital Television paper
I have written a paper about the security architecture and known vulnerabilities of DVB digital television systems.
This was a school project so the paper is in Dutch. I got an A for it!
Simple keystroke dynamics analyzer/validator written in Ruby-GTK
I have written a simple keystroke dynamics analyzer/validator as a school project. An instance of Analysis can be attached to a widget, and its collected keystroke data can be averaged and compared using class methods in Analysis.
The Validation class holds class methods to manage a password hashes file and save/load encrypted keystroke analysis metrics to/from disk.
Full documentation is provided through RDoc annotations.
The code will be publicly browsable at my code site when I get permission to host it from my teacher. This is now a gem, and the code is available on GitHub!
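To make the averaging and comparing of keystroke data described above concrete, here is an added sketch that is not the KSD gem's own code: it derives dwell and flight times from key press/release timestamps, averages several enrollment samples into a profile, and scores a login attempt against it. The module name, method names, scoring formula and thresholds are all assumptions made for illustration, and the timings are constructed.

```ruby
# Added illustration; names are hypothetical, not the KSD gem's API.
module KeystrokeSketch
  # events: [[key, press_ms, release_ms], ...] in typing order.
  # Returns dwell times (key held) then flight times (release to next press).
  def self.features(events)
    dwell  = events.map { |_, down, up| (up - down).to_f }
    flight = events.each_cons(2).map { |a, b| (b[1] - a[2]).to_f }
    dwell + flight
  end

  # Profile = per-feature mean and sample standard deviation over enrollments.
  def self.enroll(samples)
    vectors = samples.map { |s| features(s) }
    raise ArgumentError, "need at least 2 samples" if vectors.size < 2
    raise ArgumentError, "samples differ in length" if vectors.map(&:size).uniq.size > 1
    vectors.transpose.map do |col|
      mean = col.sum / col.size
      var  = col.sum { |x| (x - mean)**2 } / (col.size - 1)
      { mean: mean, sd: Math.sqrt(var) }
    end
  end

  # Score in 0.0..1.0: a feature scores 1 at the enrolled mean and falls
  # linearly to 0 at `tolerance` standard deviations. min_sd floors the
  # deviation so a very consistent typist is not rejected over timer jitter.
  def self.score(profile, attempt, tolerance: 3.0, min_sd: 10.0)
    vec = features(attempt)
    return 0.0 if vec.empty? || vec.size != profile.size
    parts = profile.zip(vec).map do |p, x|
      z = (x - p[:mean]).abs / [p[:sd], min_sd].max
      [1.0 - z / tolerance, 0.0].max
    end
    parts.sum / parts.size
  end

  def self.verified?(profile, attempt, threshold: 0.5)
    score(profile, attempt) >= threshold
  end
end

# Constructed sample timings in milliseconds for the text "abc".
ENROLL = [
  [["a", 0, 90],  ["b", 150, 230], ["c", 300, 395]],
  [["a", 0, 100], ["b", 160, 250], ["c", 320, 410]],
  [["a", 0, 95],  ["b", 155, 240], ["c", 310, 400]],
]
GENUINE  = [["a", 0, 96],  ["b", 156, 238], ["c", 308, 402]]
IMPOSTOR = [["a", 0, 200], ["b", 400, 520], ["c", 700, 900]]
PROFILE  = KeystrokeSketch.enroll(ENROLL)
puts KeystrokeSketch.score(PROFILE, GENUINE).round(3)
```

The threshold trades false accepts against false rejects, so a timing score like this works as a second signal next to the password check rather than as a replacement for it.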










