Sunday, July 31, 2011

Beginning Django in Windows: MySqlDB and CSRF Failure

The first problem I met was when connecting Django with MySQL.
Install MySQLdb (or MySQL-python) from the site:

The second problem is "Forbidden (403): CSRF verification failed. Request aborted."
Assuming everything else is fine,
the solution is to add the following line to MIDDLEWARE_CLASSES in settings.py:
'django.middleware.csrf.CsrfResponseMiddleware',



How to use CSRF

To enable CSRF protection for your views, follow these steps:
  1. Add the middleware 'django.middleware.csrf.CsrfViewMiddleware' to your list of middleware classes, MIDDLEWARE_CLASSES. (It should come before any view middleware that assume that CSRF attacks have been dealt with.)
    Alternatively, you can use the decorator csrf_protect() on particular views you want to protect (see below).
  2. In any template that uses a POST form, use the csrf_token tag inside the <form> element if the form is for an internal URL, e.g.:
    {% csrf_token %}
    This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.
  3. In the corresponding view functions, ensure that the 'django.core.context_processors.csrf' context processor is being used. Usually, this can be done in one of two ways:
    1. Use RequestContext, which always uses 'django.core.context_processors.csrf' (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting). If you are using generic views or contrib apps, you are covered already, since these apps use RequestContext throughout.
    2. Manually import and use the processor to generate the CSRF token and add it to the template context. e.g.:
      from django.core.context_processors import csrf
      from django.shortcuts import render_to_response

      def my_view(request):
          c = {}
          c.update(csrf(request))
          # ... view code here
          return render_to_response("a_template.html", c)
      You may want to write your own render_to_response() wrapper that takes care of this step for you.
The utility script extras/csrf_migration_helper.py can help to automate the finding of code and templates that may need these steps. It contains full help on how to use it.

Thursday, July 7, 2011

Kill Processes From The Command Prompt In Windows 7

A few processes start with Windows implicitly by default.
One way to remove them is to run msconfig (from Run)
and untick any program that should not start with Windows.

But some processes stay even after the first method is applied. Use these commands to kill them. (Caution: know what you are doing before doing it.)

In CMD window:
1. Enter command 'tasklist'
2. To kill a process by name, e.g. Firefox, enter 'Taskkill /IM firefox.exe /F' (/F means kill by force).
3. To kill a process by PID, enter 'Taskkill /PID 364 /F'.

Enjoy!

Monday, July 4, 2011

How To Safely Store A Password | codahale.com

Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?

These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.

And that's without investing anything.

If you're willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. At that rate you'll be cracking those passwords at the rate of more than one per second.

Salts Will Not Help You

It's important to note that salts are useless for preventing dictionary attacks or brute force attacks. You can use huge salts or many salts or hand-harvested, shade-grown, organic Himalayan pink salt. It doesn't affect how fast an attacker can try a candidate password, given the hash and the salt from your database.

Salt or no, if you're using a general-purpose hash function designed for speed you're well and truly effed.

bcrypt Solves These Problems

How? Basically, it's slow as hell. It uses a variant of the Blowfish encryption algorithm's keying schedule, and introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law. As computers get faster you can increase the work factor and the hash will get slower.

How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.

So we're talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.

tl;dr

Use bcrypt.

Updated February 24th, 2011

I've been getting pretty regular emails about this article for the past year, and I figured I'd address some of the concerns here rather than have the same conversations over and over again.

Isn't bcrypt just Blowfish? Where do you store the password?

Please read the Provos & Mazières paper. bcrypt is an adaptive password hashing algorithm which uses the Blowfish keying schedule, not a symmetric encryption algorithm.

You said salts aren't helpful, but what about rainbow tables? Why would you suggest people not use salts?

As the Provos & Mazières paper describes, bcrypt has salts built-in to prevent rainbow table attacks. So I'm not saying salts are without purpose, I'm saying that they don't prevent dictionary or brute force attacks (which they don't).

Rainbow tables, despite their recent popularity as a subject of blog posts, have not aged gracefully. CUDA/OpenCL implementations of password crackers can leverage the massive amount of parallelism available in GPUs, peaking at billions of candidate passwords a second. You can literally test all lowercase, alphabetic passwords which are ≤7 characters in less than 2 seconds. And you can now rent the hardware which makes this possible to the tune of less than $3/hour. For about $300/hour, you could crack around 500,000,000,000 candidate passwords a second.

Given this massive shift in the economics of cryptographic attacks, it simply doesn't make sense for anyone to waste terabytes of disk space in the hope that their victim didn't use a salt. It's a lot easier to just crack the passwords. Even a "good" hashing scheme of SHA256(salt + password) is still completely vulnerable to these cheap and effective attacks, thus the importance of an adaptive hashing algorithm like bcrypt.
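The article's cost argument carried through in code, as an added example that is not part of the original post: bcrypt is not in Python's standard library, so hashlib's PBKDF2-HMAC-SHA256 stands in for it here, with an iteration count of 2**cost playing the part of bcrypt's work factor (a swapped-in stand-in, not bcrypt). The 330 MB/s MD5 figure and the 36^6 keyspace are the article's; the per-guess rates are measured on whatever machine runs the script.

```python
"""Added example: the fast-hash vs. adaptive-hash cost gap, using PBKDF2 as a
stand-in for bcrypt. Each +1 on `cost` doubles the iterations, as bcrypt's
work factor does."""
import hashlib
import hmac
import os
import time
from typing import Callable, Optional

ALPHANUMERIC_LOWER = 36        # a-z plus 0-9, the keyspace the article uses
MD5_BYTES_PER_SECOND = 330e6   # throughput figure quoted in the article


def hash_password(password: str, cost: int, salt: Optional[bytes] = None) -> str:
    """Self-describing record scheme$cost$salt$digest (bcrypt strings carry the same fields)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 2 ** cost)
    return f"pbkdf2-sha256${cost}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored cost and salt; compare in constant time."""
    _, cost, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), 2 ** int(cost))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_to_exhaust(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Time to try every password of this shape at a given rate. A salt changes
    nothing here: the attacker reads it from the database and it costs nothing per guess."""
    return alphabet ** length / guesses_per_second


def guesses_per_second(hash_fn: Callable[[str], str], samples: int = 20) -> float:
    """Rough single-core guessing rate for one hashing function."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(f"guess{i}")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Reading the article's 330 MB/s as ~55M six-byte candidates per second gives its ~40 s.
    md5_rate = MD5_BYTES_PER_SECOND / 6
    print(f"MD5: 36^6 exhausted in {seconds_to_exhaust(ALPHANUMERIC_LOWER, 6, md5_rate):.0f} s")
    salt = os.urandom(16)
    for cost in (10, 12, 14):  # each step doubles the work
        rate = guesses_per_second(lambda p: hash_password(p, cost, salt))
        years = seconds_to_exhaust(ALPHANUMERIC_LOWER, 6, rate) / (365 * 86400)
        print(f"cost={cost}: {rate:8.1f} guesses/s -> 36^6 exhausted in {years:.1f} years")
    record = hash_password("yaaa", 12)
    assert verify_password("yaaa", record) and not verify_password("yaab", record)
```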

Thursday, May 26, 2011

Ranking of Mortality Rates for Common Diseases in China

Rank  Disease / cause of death  Share of total deaths (%)
1  Malignant tumors  22.17%
2  Cerebrovascular disease  22.63%
3  Heart disease  16.77%
4  Respiratory system  14.09%
5  Injury, poisoning  6.18%
6  Digestive system diseases  3.10%
7  Endocrine, nutritional and metabolic system  2.66%
8  Urinary and reproductive system diseases  1.49%
9  Mental illness  1.16%
10  Neurological disease  0.97%

Monday, May 23, 2011

Google URL shortener

My homepage at NUS: http://goo.gl/nPfiu
My blog: http://goo.gl/zJlZv
My homepage at AU: http://goo.gl/NU63q