Post

Security, broken with a quest for convenience

I feel compelled to write about something I just found out yesterday. It was about a service that CloudFlare proudly touted as an innovation on web security technology — Keyless SSL. It allows CloudFlare, as a CDN provider, to “securely” serve content for the origin, with the origin’s own TLS certificate, but without requiring the origin to give up its private key. At first I was pleasantly surprised. If such a thing can really be done, it will no doubt boost security and even redefine how CDNs work today. … »

It all started with humblebragging

I used to be an avid user of social media, and I truly believed that social media brought people together. When I was first introduced to social media back in high school, it was a pleasant surprise to find most of my childhood friends there, and it was really great to feel connected again (though most of us only lived several blocks apart). Back then social media was still a relatively informative place, since everybody was a student of some sort and had almost nothing to worry about except for the homework and exams (so these were also what we posted all the time…). … »

The (fake) football crisis

I never liked opinion sections on any media. I like facts, not speculations, or so-called analyses which in my opinion are just speculations from “experts” (I come from a culture where publicly speaking experts have no credibility whatsoever so I might be a little biased on the latter one). My critical feelings against media are exacerbated as Tom Brady and his deflated footballs keep making national headlines, eclipsing real issues like the earthquake in Nepal or Ted Cruz’s outrageous comments on climate change. … »

When standard fails us

I guess I have finally lost my patience with C semantics. Although the C programming language is kind of infamous for its lack of memory safety and disastrous type system, I still believed that the programming language still represented intuition well, and given that an appropriate amount of attention is paid, all mistakes can be avoided. Well, turns out it is not the case when it comes to undefined behaviors. … »

Favorite quotes from The Part-time Parliament

The Greek island of Paxos has way too many mysteries, for both archaeologists and computer scientists. When I was first reading Dr. Leslie Lamport’s The Part-time Parliament, which was an epic introduction of a novel consensus protocol designed for distributed systems, I genuinely wondered who that group of archaeologists were and how Dr. Lamport managed to discover such perfect analogies between an ancient democracy and distributed computer systems. To be honest I almost planned my visit to the archaeology department myself. … »

What is the difference

I was confronted with an ethical dilemma the other day. Although it is just a hypothetical one in the form of a series of academic discussions, I consider it to be serious enough to put up an article documenting it, and expressing some of my thoughts. The question at the center of the concerns is very simple: we, who identify ourselves as engineers, are we really making the difference we think we make? … »

How I Met Your Mother — A Finale and a fresh start

!!Spoilers alert!! !!Spoilers alert!! !!Spoilers alert!! If you haven’t watched the final episode, move your eyes away! Unless you don’t care about this series or haven’t been following it for a long time. When it freaked you out, they succeeded. Most people who watched the final episode of the 9-year-long series How I Met Your Mother on Monday found it hard to accept. More than a decade of time span was crammed into less than an hour (including those annoying commercial breaks), and most of us were not prepared at all for the final twist that literally “ruins” many’s ideals about the show. … »

The Wolf of Wall Street: Great Story, Bitter Reality

I saw the well-received movie by the acclaimed director Martin Scorsese The Wolf of Wall Street yesterday, and I have to say the $7.50 student rate was truly a great bargain. The three-hour-long movie can be a little overwhelming, but from the laughter from the opening till the closing credits I can conclude that everybody enjoys it. It is definitely a great piece of entertainment (rated R, of course); it’s also a powerful piece of art, and perhaps most importantly, it’s one of the most thought-provoking storytellings that we don’t have the luck to encounter every year. … »

Terminologies: good or evil?

Due to some reason, I read through an article written in 1990 by Dorothy Winsor, titled The Construction of Knowledge in Organizations, which presents a stunning new view towards some critical failure contributing to the Challenger’s accident in 1986. One of Winsor’s points in this article is that the decision-making body at the time was not necessarily aware of the situation, which is contrary to the most widely accepted public perception of the official investigation on this accident. … »

Brute-forcing for a reason

Last week I was assigned the task to brute-force the MD5 hashing function in order to demonstrate a SQL injection against the following PHP login handler:

    // escaping username inputs, should be safe in most cases
    $username = mysql_real_escape_string($_GET['username']);
    // hashing the password input
    $password = md5($_GET['password'], true);
    $query = "SELECT * FROM `users` WHERE username='$username'".
             " AND password='$password';";
    // searching for records
    $result = mysql_query($query, $dbh);
    if(mysql_num_rows($result) > 0) {
        echo "login successful! … »