The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,414 other followers

Archive for the ‘Algorithms’ Category

roll a dice – Google Search

Posted by jpluimers on 2018/09/13

Happy programmers’ day!

Source: roll a dice – Google Search

Inspired by [WayBackSure, Google. Sure.

–jeroen

Read the rest of this entry »

Posted in Algorithms, Development, Fun, Quotes, Software Development | Leave a Comment »

Spelling with element symbols from the Periodic table

Posted by jpluimers on 2018/09/11

The [WayBackPeriodic table – Wikipedia contains many symbols.

Combing them allows you to spell word. Not all words, but many of them can be spelled.

So I was glad finding the below article that started with the same fascination I had in chemistry class.

[WayBackSpelling with Elemental Symbols

It has a great explanation of the algorithm, references to computer science literature and a nice Python implementation.

via: [WayBack] One of the best programming articles I’ve read in a while – This is why I Code – Google+

–jeroen

Read the rest of this entry »

Posted in Algorithms, Development, Fun, LifeHacker, Power User, Python, science, Scripting, Software Development | Leave a Comment »

on the dB scales and audio

Posted by jpluimers on 2018/09/03

  • Double or twice the loudness = factor 2 means about 10 dB more sensed loudness level (psycho acoustic)
  • Double or twice the voltage = factor 2 means 6 dB more measured voltage level (sound pressure level)
  • Double or twice the power = factor 2 means 3 dB more calculated power level (sound intensity level)

Now that we’ve straightened that one out…

–jeroen

Source: [WayBackOutdoor speaker met versterker ontworpen door tweaker haalt doel op Kickstarter – Beeld en geluid – Nieuws – Tweakers

Posted in Algorithms, Development, LifeHacker, Power User, Software Development | Leave a Comment »

Automated “take-down” algorithm simulation: thread by @AlecMuffett: “Regards Article13, I wrote up a little command-line false-positive emulator; it tests 10 million events with a test (for copyrighted material […]” #Article13

Posted by jpluimers on 2018/07/08

Via [WayBack] Artikel 13 (Uploadfilter) vs. Math – Math wins – Kristian Köhntopp – Google+:

Simulation of the proposed law effects are easy: [WayBackThread by @AlecMuffett: “Regards Article13, I wrote up a little command-line false-positive emulator; it tests 10 million events with a test (for copyrighted material) […]” #Article13

What it shows that an automated test for content-originality only succeeds when there are a truckload of copyrighted-material uploads than original-content uploads:

about 1 in 67 postings have to be “bad” in order to break even

So if you have less than 1% false uploads, even with a 98.5% accuracy (which is very very good for a take-down algorithm!), you will piss off far more good items wrongly marked as false positive, than bad items correctly marked bad.

When the accuracy gets less, you piss-off far more original-content uploads, but also catch less copyrighted-material uploads..

This is called the a far less “sexy” term False positive paradox – Wikipedia, which is a specialisation of the far mor dull sounding Base rate fallacy – Wikipedia

Source code: [WayBack] random-code-samples/falsepos.py at master · alecmuffett/random-code-samples · GitHub

Original thread:

[WayBack] Alec Muffett on Twitterさん: “Regards #Article13, I wrote up a little command-line false-positive emulator; it tests 10 million events with a test (for copyrighted material, abusive material, whatever) that is 99.5% accurate, with a rate of 1-in-10,000 items actually being bad.… https://t.co/CJvxdvkiom”

https://twitter.com/alecmuffett/status/1015594170424193024

and

[WayBack] next_ghost on Twitter: “And for the nerds who want to learn more, this is called a “False positive paradox”. https://t.co/CIvw2ni21q… “

 

–jeroen

Posted in Algorithms, Development, Software Development | 1 Comment »

Client-Side Password Hashing – DelphiTools

Posted by jpluimers on 2018/05/03

Interesting thought on client-side password hashing: [Archive.isClient-Side Password Hashing – DelphiTools.

I’ve ambivalent feelings on it, especially since it will expose salt and other settings to the client.

On the other hand it tremendously helps when there are transparent proxies in between. Read the article for full details; here is just one quote below.

Maybe dual hashing would be in place: once at the client to prevent plain-text to go over MITM channels, and a second hash server side with different settings like salt to prevent brute force attacks.

I need to give this more thought.

The quote:

If you are using a regular Windows and a regular browser, access to HTTPS will go through the regular certificate chain, using regular certificate authority. You also benefit from extra security layers like Public Key Pinning.

But when a custom Root CA is installed, all that goes through the window: the custom Root CA allows the corporate proxies to issue “valid” certificates for any website (even google.com and the rest), and the public key pinning features are disabled:

How does key pinning interact with local proxies and filters?

Chrome does not perform pin validation when the certificate chain chains up to a private trust anchor. 

A key result of this policy is that private trust anchors can be used to proxy (or MITM) connections, even to pinned sites. “Data loss prevention” appliances, firewalls, content filters, and malware can use this feature to defeat the protections of key pinning.

All the major browsers have a similar behavior… because it is required to allow transparent proxies. And transparent proxies are the means through which the legal logging requirements are fulfilled.

So besides introducing a major MITM opportunity, this also means that there are legally-required corporate logs somewhere of all that went through HTTPS… including plain text passwords, if you did not hash them on the client-side.

These logs will have varying degrees of security when in the corporate domain… and next to none if they are ever requested by the legal system for an investigation.

–jeroen

 

Posted in Algorithms, Design Patterns, Development, Hashing, Power User, Security, Software Development | Leave a Comment »

 
%d bloggers like this: