Disclaimer / Motivation

First of all, it is important to note that this isn’t supposed to be a benchmark. The results of this test are worth what they are, it only means that PHP performed better than perl for this particular program.

For my thesis, I need to analyse large sets of data. The data is stored in the DataSeries format, which is a format developed by HP Labs specially for these type of things. I need to do several things with the data, so I created a script to do some basic analysis.

I had several options: I could write a shell script, or choose php or perl or something else instead. I realized that writing a shell script for this would be very complex, so I pondered between PHP and Perl. My feeling is that PHP is more suitable for Web and Perl is more suitable for sysadmin tasks, parsing, etc. I should choose Perl then, but my knowledge of Perl is very very basic, so I would need to learn it first. Unfortunately I am running against time, so I ended up choosing PHP since it would be very easy for me to write the script.

The test

So I wrote a first version of the PHP script. The script is not optimized whatsoever, but works as expected. The problem with a large dataset is that its parsing takes ages, and my first run took ages. I started wondering if a Perl equivalent would be a lot faster than the script I wrote, so I asked a friend to write an equivalent script in Perl. He wrote it and I ran both scripts at the same time on the same server. My friend noticed later that he had left an extra instruction in the main loop that doesn’t exist in the PHP version. Anyway, both scripts were already running so I didn’t abort the run. The results were quite surprising. The PHP version took 551m56.349s and the Perl equivalente took 712m16.792s.
Continue reading →

As promised in my 1st semester retrospective, here is a retrospective of the 2nd semester (Spring Semester).

The second semester was consisted of three courses, two core courses and one free elective. I picked the following courses:

• Distributed Systems
• Network Security
• Secure Software Systems

You can take a look at the syllabus for each course here. I can’t tell for sure which semester was tougher, the 1st or this one. I guess this 2nd semester involved more work, but you are more used to it, so you can handle things better.

Continue reading →

In Erlang, single assignment is like algebra…

When I went to school, my math teacher said, “If there’s an X in several different parts in the same equation, then all the Xs mean the same thing.” That’s how we can solve equations: if we know that X+Y=10 and X-Y=2, then X will be 6 and Y will be 4 in both equations.

But when I learned my first programming language, we were shown stuff like this:
X = X + 1

Everyone protested, saying “you can’t do that!”. But the teacher said we were wrong, and we had to unlearn what we learned in math class. X isn’t a math variable: it’s like a pigeon hole/little box…

In Erlang, variables are just like they are in math. When you associate a value with a variable, you’re making an assertion – a statement of fact. This variable has that value. And that’s that.

In “Armstrong, Joe; Programming Erlang; The Pragmatic Programmers; 2007“

In regards to real time…

By convention, this function increases at a rate equal to 9192631770 times the period of the radiation emitted by the transition between two hyperfine levels of the ground state atomic cesium 133, a time unit which people have agreed to call second,

In “Veríssimo P, Rodrigues L.; Distributed Systems for System Architects; KAP; 2001“

Despite what some people (including RapidSSL) said about the recent MD5 collision attack on SSL, the truth is that just because RapidSSL stopped using MD5 for issuing certificates it doesn’t mean the world is safe again.

The researchers were able to create a rogue Certification Authority certificate. That means they have a valid CA certificate, or that they can create any certificate they want for any site. No one tells me that a crime organization wasn’t able to do the same, and if they were, it doesn’t really matter that RapidSSL stopped using MD5 or not. In theory, RapidSSL would need to revoke its Root Certificate to make sure the problem was solved. The problem is that each certificate contains a URL so the browser can check if the certificate was revoked or not. The researcher’s rogue CA certificate had very limited space and it was impossible to include such a URL, which means that by default both Internet Explorer and Firefox are unable to find a revocation server to check their certificate against. Basically it’s up to the Browser vendors to solve the problem permanently by stop accepting certificates that use MD5 for example.

SSL is subject to many types of attacks, specially Man-in-the-Middle attacks. Users usually ignore SSL warnings so they’ll most likely not notice a Man-in-the-Middle attack. One way to be more protected is to install Perspectives, a Firefox plugin, developed by a couple of grad students from Carnegie Mellon University, that monitors the certificates used in the sites you visit, and warns you if the certificate has changed.

So let’s imagine you want to login on your Homebanking to make some wire transfers (or any other site that uses SSL). Here is a list that will make your SSL browsing safer:

1. Make a bookmark of your Homebanking. Double check that the URL is correct.
2. Install Perspectives
3. If your browser is running, please quit it and run it again (so it’s a fresh run).
4. Go to your bookmarks and click on the Homebanking bookmark. DO NOT load any webpage before the Homebanking one. Make sure the Homebanking is the first page loaded.
5. Make sure Perspectives says the Homebanking site is safe
6. Now it is safer to use the Homebanking. You can do whatever you want to do there now.

If you want *all* the Portuguese holidays in your calendar, subscribe the following ics:

http://cals.sig9.net/ptHolidays/

Here’s a list of optional parameters:

• ey = <end year YYYY> (defaults to <current year> + 3)
• sy = <start year YYYY> (defaults to <current year> – 2)
• ct = <city> ({lisboa, porto} are the only cities currently available)

Example:

• http://cals.sig9.net/ptHolidays/?ct=lisboa&sy=2009&ey=2015

If you want the local holiday for your city, please let me know and I’ll add it to the calendar.

Hint: In order to have your calendar always up-to-date you should not use the “ey” parameter, since its default is . This way, your calendar will never be outdated. Most calendar clients do not have a “yearly refresh” option, which would be the best for this case, so just set the refresh rate to weekly or monthly. If you use iCal, you can click here to subscribe the calendar automatically.

While there’s people out there working for 1 cent an hour, CAPTCHA will never be bullet proof… just because it’s not supposed to be Human proof.

Check out http://www.anti-captcha.com/ or the google translation here since the original site is in Russian. Impressive that they even offer SLAs.

A lot of people have been asking me for a retrospective of the Lisbon MSIT-IS (Masters in Information Technology – Information Security) program from Carnegie Mellon, so I decided to post here a review of the previous semester.

First of all, this is a Dual Program (MSIT-IS from CMU and Mestrado em Segurança Informatica from FCUL). The entire program is held at FCUL in Lisbon, although a lot of the courses are lectured from Carnegie Mellon. You also have the option to go to Pittsburgh for the Summer Semester to write your Thesis.

The program started the last week of August ’08. The portuguese students were invited to go to Pittsburgh for an orientation session and for the first week of classes. There, we got familiar with the campus, school procedures and we had a taste of what is to be a student at CMU.

After that week we returned to Lisbon, where we attended classes in a high-tech classroom prepared for video-conferencing with Carnegie Mellon at FCUL. All remote classes were live and interactive. Students in Portugal could see students at CMU (and vice-versa), they could interrupt the class and ask questions, etc. The experience was quite pleasant and it’s pretty much like we were there.

Continue reading →

As some of you have noticed, I haven’t had much time to post on my blog lately because of this. But today I made an exception just because I spent the last couple of hours trying to figure out why the heck iTunes stopped recognizing my iPhone. While surfing through the internet I noticed that there were a lot of people that experienced the same issue and were not able to find a solution. So here is what solved the problem for me.

The fix ended up being this:

nuno@nuno-macbook:~/Library$ mv Lockdown Lockdown.orig

Hope it helps someone. Now I need to get back to work. See you before Xmas.