How to setup NUS SoC VPN on MAC OS

Wang Pidong's Homepage: How to setup NUS SoC VPN on MAC OS

Beginning Django in Windows: MySqlDB and CSRF Failure

The first problem is met when I am connecting Django with MySql.

Installing MySqldb (or MySql-python) from the site:

http://www.codegood.com/

It has MySQL-python 1.2.3 for Windows and Python 2.7

The second problem is Forbidden (403) CSRF verification failed. Request aborted.

Assuming everything else is fine.

The solution is to add into "settings.py=>MIDDLEWARE_CLASSES"
the line

'django.middleware.csrf.CsrfResponseMiddleware',

How to use CSRF

To enable CSRF protection for your views, follow these steps:

1. Add the middleware 'django.middleware.csrf.CsrfViewMiddleware' to your list of middleware classes,MIDDLEWARE_CLASSES. (It should come and before any view middleware that assume that CSRF attacks have been dealt with.)
   Alternatively, you can use the decorator csrf_protect() on particular views you want to protect (see below).
2. In any template that uses a POST form, use the csrf_token tag inside the
   element if the form is for an internal URL, e.g.:
   

   {% csrf_token %}

   This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.
3. In the corresponding view functions, ensure that the 'django.core.context_processors.csrf' context processor is being used. Usually, this can be done in one of two ways:
   1. Use RequestContext, which always uses 'django.core.context_processors.csrf' (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting). If you are using generic views or contrib apps, you are covered already, since these apps use RequestContext throughout.
   2. Manually import and use the processor to generate the CSRF token and add it to the template context. e.g.:

      from django.core.context_processors import csrf from django.shortcuts import render_to_response  def my_view(request):     c = {}     c.update(csrf(request))     # ... view code here     return render_to_response("a_template.html", c) 

      You may want to write your own render_to_response() wrapper that takes care of this step for you.

The utility script extras/csrf_migration_helper.py can help to automate the finding of code and templates that may need these steps. It contains full help on how to use it.

Kill Processes From The Command Prompt In Windows 7

Kill Processes From The Command Prompt In Windows 7

A few processes start with Windows implicitly by default.

One way to remove these processes is to use msconfig in run.

Then tick off any program that should not start up with Windows.

But some processes do stay even the first way is applied. Use these commands to kill them. (Caution: do know what you are doing before doing it)

In CMD window:

1. Enter command 'tasklist'

2. To kill a process with a name. E.g. To kill firefox, enter the command 'Taskkill /IM firefox.exe /F', /F means by force.

3. To kill a process with PID, enter 'Taskkill /PID 364 /F'

Enjoy!

Kill Processes From The Command Prompt In Windows 7

Kill Processes From The Command Prompt In Windows 7

A few processes start with Windows implicitly by default.

One way to remove these processes is to use msconfig in run.

Then tick off any program that should not start up with Windows.

But some processes do stay even the first way is applied. Use these commands to kill them. (Caution: do know what you are doing before doing it)

In CMD window:

1. Enter command 'tasklist'

2. To kill a process with a name. E.g. To kill firefox, enter the command 'Taskkill /IM firefox.exe /F', /F means by force.

3. To kill a process with PID, enter 'Taskkill /PID 364 /F'

Enjoy!

How To Safely Store A Password | codahale.com

How To Safely Store A Password | codahale.com

Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?

These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.

And that's without investing anything.

If you're willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. And that rate you'll be cracking those passwords at the rate of more than one per second.

Salts Will Not Help You

It's important to note that salts are useless for preventing dictionary attacks or brute force attacks. You can use huge salts or many salts or hand-harvested, shade-grown, organic Himalayan pink salt. It doesn't affect how fast an attacker can try a candidate password, given the hash and the salt from your database.

Salt or no, if you're using a general-purpose hash function designed for speed you're well and truly effed.

bcrypt Solves These Problems

How? Basically, it's slow as hell. It uses a variant of the Blowfish encryption algorithm's keying schedule, and introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law. As computers get faster you can increase the work factor and the hash will get slower.

How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaain about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.

So we're talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcryptallows you to choose your balance of speed and security. Use it.

tl;dr

Use bcrypt.

Updated February 24th, 2011

I've been getting pretty regular emails about this article for the past year, and I figured I'd address some of the concerns here rather than have the same conversations over and over again.

Isn't bcrypt just Blowfish? Where do you store the password?

Please read the Provos & Mazières paper. bcrypt is an adaptive password hashing algorithm which uses the Blowfish keying schedule, not a symmetric encryption algorithm.

You said salts aren't helpful, but what about rainbow tables? Why would you suggest people not use salts?

As the Provos & Mazières paper describes, bcrypt has salts built-in to prevent rainbow table attacks. So I'm not saying salts are without purpose, I'm saying that they don't prevent dictionary or brute force attacks (which they don't).

Rainbow tables, despite their recent popularity as a subject of blog posts, have not aged gracefully. CUDA/OpenCL implementations of password crackers can leverage the massive amount of parallelism available in GPUs, peaking at billions of candidate passwords a second. You can literally test all lowercase, alphabetic passwords which are ≤7 characters in less than 2 seconds. And you can now rent the hardware which makes this possible to the tune of less than $3/hour. For about $300/hour, you could crack around 500,000,000,000 candidate passwords a second.

Given this massive shift in the economics of cryptographic attacks, it simply doesn't make sense for anyone to waste terabytes of disk space in the hope that their victim didn't use a salt. It's a lot easier to just crack the passwords. Even a "good" hashing scheme ofSHA256(salt + password) is still completely vulnerable these cheap and effective attacks, thus the importance of an adaptive hashing algorithm like bcrypt.

中国常见疾病死亡率排行榜

排位	疾病死亡原因	占死亡总λ数 (%)
1	恶性肿瘤	22.17%
2	脑血管病	22.63%
3	心脏病	16.77%
4	呼吸系统	14.09%
5	损伤、中毒	6.18%
6	消化系统疾病	3.10%
7	内分泌 , 营养代谢系统	2.66%
8	泌尿、生殖系病	1.49%
9	精神病	1.16%
10	神经病	0.97%

Google Url shortener

My homepage at NUS: http://goo.gl/nPfiu

My blog: http://goo.gl/zJlZv

My homepage at AU: http://goo.gl/NU63q

Converting UTM coordinates into latitude and longitude coordinates

The coordinates used in the raw GPS data are sometimes in the UTM (Universal

Transverse Mercator coordinate system) format.

There is a need to convert them into into latitude and longitude coordinates for reverse-geocoding with Google Map API.

There may be many ways of doing the conversion. The following are two ways:

1. The method introduced by Salkosuo (java lib) http://www.ibm.com/developerworks/java/library/j-coordconvert/
2. Postgis extension provides in-database conversion function.

[转帖]全欧洲廉价航空公司一览

德国

　　1,AIR BERLIN柏林航空

　　http://www.airberlin.com/

　　以德国为基地,航线数量相当多,几乎能达到所有的西欧和南欧主要旅游城市和度假地,机上有供应免费饮料和报纸。经常推出减价活动.一般29EU起.

　　2,GERMANWINGS德国之翼

　　http://www.germanwings.com/

　　汉莎控股,飞往欧洲各地，行李限重8kg，无儿童票。不过由于是汉莎的子公司，所以相比其他航空公司，Germanwings的服务，尤其是空中服务要更好一些。以科隆,斯图加特,柏林三个城市为基地,航线数量多,每周四打折19EU起,但是如果不提前订票和碰上打折,机票价格比较贵.

　　3,GERMANIA EXPRESS

　　http://www.gexx.de/

　　在德国大多数城市都有起飞的航班,目的地为意大利,希腊以及地中海度假区,值得一提的是有前往莫斯科的廉价航班.

　　4,HAPAG LLOYD

　　http://www.hlx.com/

　　德国最大廉价航空之一,航线繁多。主要飞往意大利,西班牙和地中海一些岛屿,每周二打折,价格一般19.99EU起。起飞的都是一些大城市的主要机场,离市区比较近,这个优点不错.

　　5,dba

　　www.flydba.com

　　以慕尼黑和杜赛尔多夫为基地,主要飞往德国各大城市和希腊,意大利,法国南部等地,价格一般,40EU左右.

　　6,LTU

　　http://www.ltu.de/

　　呵呵,LTU旅行社包机比较多,航班数量多,在德国RUHR区,有时候有特价票,不过数量有限,以前还有飞往中国重庆的航班,不知道现在还有没有.

　　7,LowFareJet

　　http://www.lowfarejet.de/

　　每日从Hannover飞往Luton and Glasgow及Paris。是少数提供air miles program.的低价航空公司线之一,忘了说,前面的DBA也提供里程积分.

　　8,CONDOR

　　http://www.condor.com/

　　Thomas Cook旗下的子公司。经常能找到非常优惠的价格。

　　经常提供两种价格的打折票,29EU的短途航线和99EU的长途航线,飞行目的地以度假区为主,99EU的机票一般从法兰克福出发,前往马尔代夫,曼谷,加拿大,美国等地,相当超值.

　　最大的缺点是,航班搜索系统做的比较糟糕

　　9,LUFTHANSA

　　http://www.lufthansa.com/

　　汉沙经常有100EU左右的特价票,前往欧洲各大城市,虽然比一般的廉价航空要贵,但是考虑到汉沙的服务以及飞的都是中心机场,也还可以了.

　　英国和爱尔兰

　　1,Ryanair

　　http://www.ryanair.com/

　　欧洲最出名的廉价航空公司，有很好的口碑，在欧洲机场数目也多，打折促销也很多,从英国和爱尔兰17个机场,飞往欧洲地区50多个城市,而且提供很多欧洲内陆城市之间的航班服务,优点是价格低廉,他的廉价票是最容易买的,缺点,他飞的几乎都不是城市的中心机场,大部分都是离他所称的城市几十到一百公里的小机场,一般从机场到市区需要再花费10到20EU.因为这个原因,我觉得RYANAIR反而不如EASYJET,HLX之类的,因为加上前往市区的交通费,往往比别的航空公司贵.

　　2,EASYJET

　　http://www.easyjet.com/

　　欧洲最大的廉价航空公司之一,有203条航线,飞往欧洲61个城市,遍布欧洲大陆主要城市和波罗的海沿岸,价格一般20EU起,提前订票一般都在30到60EU之间含税,飞的都是主要机场,不错,值得推荐!

　　3,AIR SCOTLAND

　　http://www.air-scotland.com/

　　苏格兰航空,飞往英国,西班牙,希腊的航班比较多

　　从Edinburgh、Glasgow及Aberdeen飞往Palma、Barcelona、Tenerife、Alicante、Malaga及Fuerteventura。

　　4,JET2

　　http://www.jet2.com/

　　是家新的低价航空公司，从Leeds Bradford飞往欧洲10个城市。

　　5,BMIBABY

　　http://www.bmibaby.com/

　　英国三大廉价航空之一,主要飞往西班牙南部,荷兰,捷克以及英国国内航班,价格20镑起.

　　6,FLYGLOBESPAN

　　http://www.flyglobespan.com/

　　苏格兰廉价航空公司,主要从爱丁堡飞往地中海岛屿以及沿岸的度假城市,还有前往布拉格和瑞士的航班.20人以上有团体票提供.

　　7,MY TRAVEL LITE

　　http://www.mytravellite.com/

　　以伯明翰为基地,和FLYGLOBESPAN差不多,飞往地中海岛屿以及沿岸的度假城市(以西班牙为主).

　　8,THOMSONFLY

　　http://www.thomsonfly.com/

　　主要飞往德国,西班牙南部,意大利和巴黎,以及英国和爱尔兰之间的航班,机票15EU起.

　　9,BUDGET AIR

　　http://www.budgetair.ie/

　　爱尔兰的廉价航空公司,从都柏林飞往西班牙和葡萄牙南部,价格50EU左右

　　10,MONARCH

　　http://www.monarch-airlines.com/

　　英国的廉价航空,从伦敦等地飞往西班牙为主.

　　11,britanniadirect

　　http://www.britanniadirect.com/

　　英国各地往返Malta、Malaga、Naples、Venice。

　　12,AER LINGUS

　　http://www.aerlingus.com/

　　爱尔兰的航空公司,主要从都柏林飞往欧洲大陆主要城市,价格从十几欧到一百多欧.

　　13,Flybe

　　http://www.flybe.com/

　　Flybe前身为British European，从英国和爱尔兰20个机场飞往全欧及纽约，行李限重20kg。

　　14,Jetmagic

　　http://www.jetmagic.com/

　　以Cork为基地,飞往欧洲大陆,航线不多,10来条吧

　　15,Now

　　http://www.now-airlines.com/

　　Luton第二低价航空公司，2003年暑期开始营运，飞往7个城市，Manchester、 Hamburg、Jersey、Rome、Lisbon、Ibiza及Tenerife，票价约35~75英镑。

Acceptance rates major database conferences

Conference	Average acceptance rate
SIGMOD	16%
EDBT	16%
VLDB	16%
ICDE	17%
PODS	21%
CIKM	22%
ER	25%
ICDT	27%

Patricia-trie A Java trie implementation

Examples - patricia-trie - Some very simple examples how to use the PATRICIA Trie - PATRICIA Trie in Java - Google Project Hosting

What I was looking for.

Database conferences

Conference	Conf. Dates	Abstract Deadline	Paper Deadline	Notification	Location
SIGMOD 2012	20/05-25/05	25/10/2011	01/11/2011	14/02/2012	Scottsdale, Arizona, USA
VLDB 2012	27/08-31/08	1st day per month	1st day per month	May 19, 2012	Istanbul， Turkey
ICDE 2012@Arlington, US	April 01-05, 2012	July 12, 2011	July 19, 2012	Sep 27, 2012	ICDE 2012
EDBT 2012@Berlin	21/03-25/03	29/09/2011	Oct 6 2011	-	EDBT 2012
MDM 2012@London	06/06-09/09	29/11/2011	-	-	London
SSTD 2011@Minneapolis	Aug 24-26, 2011	18/02/2011	25/02/2011	Apr 29, 2011	-
DASFAA 2012	02-05/04/2012	-	30/09/2011		Pusan / South Korea
DEXA 2011 @ Toulouse, France	29/08-02/09/2011	-	-	-	DEXA 2011
SSDBM @ Portland, Oregon	Jul 20-22, 2011	-	January	Mar 28, 2011
ICDM @ Vancouver, Canada	Dec 11-14, 2011	-	Jun 17, 2011	Sep 16, 2011	-

Convert ArrayList to Array in Java. ArrayList to Array. Java Collection

A lot of time I have to convert ArrayList to Arrays in my Java program. Although this is a simple task, many people don’t know how to do this and end up in iterating the java.util.ArrayList to convert it into arrays. I saw such code in one of my friends work and I thought to share this so that people don’t end up writing easy thing in complicated way.

ArrayList class has a method called toArray() that we are using in our example to convert it into Arrays.

Following is simple code snippet that converts an array list of countries into string array.

List list = new ArrayList;
list.add("India");
list.add("Switzerland");
list.add("Italy");
list.add("France");
String [] countries = list.toArray(new String[0]);

So to convert ArrayList of any class into array use following code. Convert T into the class whose arrays you want to create.

List list = new ArrayList;
T [] countries = list.toArray(new T[list.size()]);

Convert Array to ArrayList

We just saw how to convert ArrayList in Java to Arrays. But how to do the reverse? Well, following is the small code snippet that converts an Array to ArrayList:

String[] countries = {"India", "Switzerland", "Italy", "France"};
List list = new ArrayList(Arrays.asList(countries));
System.out.println("ArrayList of Countries:" + list);

Microsoft Intune hits the street March 23

On 23 March, Microsoft announced the general availability of Windows Intune as well as the Windows Intune 30 day trial. Windows Intune simplifies how businesses manage and secure PCs using Windows cloud services and the Windows 7 operating system—so your computers and users can operate at peak performance from virtually anywhere.

If you have not already visited the Windows Intune Zone on the Springboard Series, you are encouraged to do so. As you start to the trial, please be aware of some key resources to help you make the most of your Windows Intune experience

• Getting Started With Windows Intune
• Windows Intune: Frequently Asked Questions
• Windows Intune: Help and Support
• Windows Intune IT Professional Forum on TechNet
• and our newest guide - Deploying the Windows Intune Agent

For those who prefer videos, check out Windows Intune Quick Overview, Introducing Windows Intune Client Tools, Working with Windows Intune Groups and Windows Intune Remote Assistance in Action

Also make sure to join Microsoft Technical Fellow and host Mark Russinovich for the Windows Intune Technology Tune-up. This virtual roundtable event is your chance to ask a panel of IT professionals and Windows Intune experts your questions about cloud-based PC management.

Outlook 2010: how to auto-archive (backup) emails

Emails are too important to lose. In the following scenarios, AutoArchiving can come in handy.

1. Your given email account has limited capacity.
2. You could not remember to archive (backup) your old emails regularly.

The steps to activate auto-archive are:

1. Start your favourite outlook 2010
2. Click on tab "Folder"
3. Click "AutoArchive Settings" in the tool bar, and an "Inbox Properties" message box appears
4. The default is "Do not archive", but we need to change it. Select the "Archive using default settings" or "Archive using these settings" to customize auto-archive.
5. My suggestion is to create a backup personal data file (pst files) for archiving. pst files can be easily migrated to other outlook clients. For the tip to create new pst files, see my previous blog "Outlook 2010: how to create personal data file".

Outlook 2010: how to create personal data file

It is a bit tricky to create personal data file in outlook 2010.

Here are the steps:

1. Start your favourite outlook 2010
2. Click on "New items", and a drop-down list appears
3. Hover to more items
4. Click the nice 'outlook data file...' in another drop-down list
5. Choose the location for your new data file and Save

That's it!