Blog, by date: 2008_jul
from the desk of travis johnson.
Dijkstra's Algorithm Paper (from 2008/07/30)

The week before my sister’s wedding, I was tasked with writing a paper on Dijkstra’s Algorithm for my Discrete Mathematical Modeling class. I think I might have missed the mark a little bit, but I had so much fun writing it that I’m posting it here. I’m almost considering writing some more stuff in this style… anything anyone would like to see written about? Here’s a link: Dijkstra’s Algorithm

Of Weddings and Best Men (from 2008/07/15)

This past weekend I had the honor of being the Best Man at my sister Crystal’s wedding. It was a beautiful wedding at Silverlake Winery in Zillah, WA. I highly recommend it to anyone looking for a pretty spot like that, and it was definitely adequate for our relatively small 120 person party. Also, the wine was excellent. I enjoyed their Chenin Blanc most of the night, though I tried everything about twice, and ended up going home with some of their Reserve Chardonnay. I had what I wanted to say for the speech typed up, so it wasn’t a whole lot of trouble to polish it off with a little bit of typesetting and post it here. It received unanimously good feedback, and was a great moment for me. I feel a little bad, because I sorta feign unassuredness to hear how good it was again, but so far everyone seems pretty happy to oblige. On a distantly related note, I’d really like to get in the habit of speaking more often. I might look into Toastmasters when I get back from Brazil. Anyways, here’s a link to the speech: A Toast for Jared and Crystal Mathey

PHP Vulnerability Checklist (from 2008/07/10)

Ray (the boss) and I were chatting about how we should implement our secure upload page.
The way it should work is: an IP is added to the genhosts database, it sets up a 5 minute wait, and at the end of five minutes, redirects to the data upload page, at which point the computer is allowed to connect, since the new IP has propagated into /etc/hosts.allow (via a cronjob that takes MySQL entries and parses them (via HTTP and XML) into the standard /etc/hosts.allow format). It’s basically working, but we’re having a bunch of trouble getting IE and Firefox to redirect, since IE apparently detects my window.location.href and location.replace calls as popups, and blocks them. My first reaction was, ‘I wonder if there’s any way we can completely eliminate the wait?’ I can’t really come up with anything though, aside from sudoing to run the genhosts.py command, which is somewhat of a vulnerability since the commands are running as root. This got me thinking, though, that my MySQL -> XML scripts are totally not up to par security-wise, so I looked around a little bit for a good checklist and ended up finding Rob’s PHP Security Guide. It’s a great little guide. I’m trying some more to think outside of the box on this one, and so far all I’ve really come up with is a somewhat more complicated system of:

1. Admin creates some sort of token, emails the uploader a link to a page (perhaps automatedly).
2. The uploader enters the token and his email address.
3. The web server validates the token, adds the IP address, and waits for genhosts to run (i.e., for the IP to show up in /etc/hosts.allow. This way we only require read access by apache on /etc/hosts.allow), then emails the user the link to the regular uploading page.

I think this would be pretty sweet, and would also let us cross-reference specific authorizations (by the tokens) to certain IP addresses in the database, and it sort of removes that whole aspect of having the user sit at his web browser and wait for a countdown.
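The token flow above, as an added Python sketch that is not the blog's (or Ray's) code: it checks a submitted token against a constructed stand-in for the admin's token table, then reads a constructed /etc/hosts.allow to confirm the IP has propagated, so the web server only needs read access and never sudos to genhosts.py. The token values, email addresses, IPs and daemon names are all constructed assumptions.

```python
import hmac
import re
from datetime import datetime

# Constructed stand-in for the MySQL token table the admin fills in step 1:
# token -> (uploader's email, expiry time).
TOKENS = {
    "c0ffee": ("uploader@example.com", datetime(2008, 7, 11, 12, 0)),
    "deadbeef": ("someone@example.com", datetime(2008, 7, 9, 12, 0)),
}
NOW = datetime(2008, 7, 10, 20, 0)  # constructed "current time" for the checks

# Constructed sample of what the genhosts cron job writes to /etc/hosts.allow,
# in the usual "daemon_list : client_list" form, including a continued line.
HOSTS_ALLOW = """\
# generated by genhosts (constructed sample)
sshd: 10.0.0.5 10.0.0.6
ALL: 192.168.1.
vsftpd: 203.0.113.7 \\
        203.0.113.8
"""

def validate_token(token, email, now, store=TOKENS):
    """Step 2: the token must exist, belong to this email, and be unexpired."""
    for stored, (stored_email, expires) in store.items():
        # compare_digest keeps the comparison independent of where it differs
        if (hmac.compare_digest(stored.encode(), token.encode())
                and stored_email.lower() == email.strip().lower()
                and now < expires):
            return True
    return False

def ip_in_hosts_allow(text, ip, daemon="ALL"):
    """Step 3: has the IP propagated into hosts.allow for `daemon`? Read-only."""
    logical = re.sub(r"\\\n\s*", " ", text)       # join backslash-continued lines
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        daemon_set = {d.strip() for d in daemons.split(",")}
        if daemon not in daemon_set and "ALL" not in daemon_set:
            continue
        for client in clients.replace(",", " ").split():
            # exact address, or a dotted network prefix such as "192.168.1."
            if client == "ALL" or ip == client or (client.endswith(".") and ip.startswith(client)):
                return True
    return False

def upload_link_ready(token, email, ip, now, hosts_allow=HOSTS_ALLOW, daemon="ALL"):
    """Only mail the real upload link once both the token and the IP check out."""
    return validate_token(token, email, now) and ip_in_hosts_allow(hosts_allow, ip, daemon)
```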
A more probable solution, at least for tonight, is to run a progress bar that’s not tied to anything in particular, since that’s what Ray wants. It actually seems to work okay in this configuration, assuming that our users have enough patience to wait for the meta refresh… Time will tell, I suppose!

NSA's RHEL5 Guide (from 2008/07/07)

One of my tasks at work is to write up a security checklist of sorts, and from one of Ryan’s notes, I happened across the NSA’s Red Hat Enterprise Linux 5 guide. It’s pretty cool and covers basically everything. Have a look: http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf