I occasionally write things, and when I do they usually end up here. There’s also an RSS feed.
I saw this SQL Murder Mystery appear on Hacker News recently, thought it sounded fun, and figured I’d do a quick write-up of how I worked through it.
If you want to follow along, go ahead and download the SQLite database
(which is copyright NUKnightLab and redistributed here under the MIT
license). You’ll need some kind of SQLite client to interact with it (I
just used the
sqlite3 CLI tool).
In addition to the database, it’s very helpful to start with a prompt:
A crime has taken place and the detective needs your help. The detective gave you the crime scene report, but you somehow lost it. You vaguely remember that the crime was a murder that occurred sometime on Jan. 15, 2018 and that it took place in SQL City. Start by retrieving the corresponding crime scene report from the police department’s database. If you want to get the most out of this mystery, try to work through it only using your SQL environment and refrain from using a notepad.
Despite what you may believe from simply looking at this site, I’ve actually done quite a bit of front-end development. A couple of years ago, I worked on a project with a friend of mine. For part of the project, he’d designed the behavior of a form control inspired by Material Design which I then built from scratch. Recently, he asked me to remind him how I’d implemented it, and I thought I’d take the opportunity to turn it into a blog post.
Information security is complicated. When you combine that with the fact that an increasing number of people seem to also consider it to be very important, the result is something I like to call “pop infosec.”
As in pop science or popular psychology, making information security accessible often involves simplifying concepts to improve their general palatability which results in laypeople overestimating their confidence. This “easiness effect” has been studied in the context of science communication, and likely applies to information security in a parallel sense.
While helping people protect themselves from security threats is certainly laudable, it’s important to do it responsibly in order to maximize benefit and minimize harm. Unfortunately, a few recent events I’ve noticed personally suggest that this is not happening.
I have a FreeBSD server which primarily serves as a jail host.
As such, I’d like to keep its installed packages to a minimum. FreeBSD’s
default install comes with
vi, but not
vi feels familiar
enough, but it becomes annoying not to have things like
gg available. So I
decided to install vim to make my life a little nicer:
I decided to take another crack at the jail configuration I started in
Experiment 1. After reading bits and
pieces of a few random websites (including various ServerFault posts), on an
inkling I added the line
interface = "bge0"; to my
/etc/jail.conf file and
service jail restart www (
bge0 is my LAN interface on the host). After
jexecing in, I tried
pkg install nginx again and it worked like a charm!
DHCP (Dynamic Host Configuration Protocol) is an integral part of most networks, from small home network to campuses serving thousands of devices. I recently realized that I didn’t have a solid understanding of how it functions. I knew that DHCP was used to obtain an IP address from a central server when joining a network, but wasn’t clear on how that negotiation takes place. How could a machine without an IP address talk to a server that it didn’t know the address of?
In my preparations for removing ESXi, I tried creating a simple jail on my test
helios. As part of my purpose is to learn as much as possible, I decided
against using a tool like
ezjail in favor of doing it “by hand.” While the
FreeBSD Handbook has some information on creating jails without using additional
tools, pretty much every other document I found suggested using ezjail. There’s
a chance I’ll revisit ezjail in the future, as it seems to have some helpful
features like having a “base jail” so you only need one copy of the FreeBSD base
system, but for now I’d like to do as much as possible without additional tools.
A few months ago, I purchased a beefy second-hand tower to act as a home server. I was looking to bring some of the services that I was previously outsourcing into a single location, and to expand my familiarity with networking and systems administration. Specifically, I wanted to:
On March 30th, 2016, CloudFlare posted a blog entry entitled “The Trouble with Tor” outlining the issues Cloudflare has with serving clients’ sites to Tor users. The Tor project quickly followed it up with their own post, “The Trouble with CloudFlare”, which presented an analysis of the situation from Tor’s perspective.
When I upgraded to Ubuntu 15.04, I was unable to log in. The machine started normally and I was presented with the login window. But when I entered my password, the screen went black for a few moments and then the login screen came back.
Here’s the situation I recently found myself in:
One of my pet peeves in website usability design is forcing people to create unnecessary accounts. My recent purchase of some concert tickets from Ticketfly required me to make an account to buy them. For people who buy a lot of concert tickets, having an account may make a lot of sense. But for me, as someone who buys concert tickets at most once every year or two, having an account on a site that I will probably only use once is not only unnecessary, it’s annoying.
Recently, I had to give a presentation and decided to do some research on using Markdown. By coincidence, I had also been looking into Puppet, a flexible and powerful configuration manager, when I stumbled across Showoff, another Puppet Labs project.
On September 29, 2014, CloudFlare, a web security company and CDN provider, announced that they would begin offering free, automatic SSL to all its customers (including those on their free plan). This is an enormous step forward for enhancing security and privacy on the Internet; while website owners would previously need to purchase an SSL certificate for their site and often pay extra for SSL hosting, CloudFlare now makes this all free. Plus, you get the benefits of their other services such as DDoS protection.
I recently wrote about migrating my website to GitHub Pages and noted that I wasn’t completely satisfied with my deployment workflow. Ideally, creating a build should be done in a single step. As I wrote, my previous build workflow required me to manually compile my LESS files before committing if I’d made changes. While my stylesheet doesn’t change often, this method is certainly not ideal.
A common frustration of Muhlenberg students is to print a document to a dorm printer only to find that the printer had no paper when going to collect it. This leads to both frustration and wasted paper, since when more paper is put into the printer, it will print out all the queued jobs from when the tray was empty. By that time, students have often given up and printed their document to another printer.
I’ve always been a fan of using Markdown to create web content. Several years ago, I created MDEngine, a small PHP script to render Markdown files in HTML dynamically. For a while, it was responsible for much of the content on my website. In October 2013, I began work on a fresh design. I decided to use a custom Node.js app deployed on Heroku for processing the Markdown. While this worked effectively, I always had some reservations.