** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD ** - Page 209 - Computer Technical Help

Didn't Brooks also say you should plan on building two and throwing the first away? Now he doesn't want you to build the second one and just move on to the third? Maybe that's why IBM is such a powerhouse today...

No silver bullets :P

Quote

08-25-2012 , 05:51 PM

#5202

gaming_mouse

Carpal \'Tunnel

Join Date: Oct 2004 Posts: 13,786

So I'm trying to solve level 7 of the stripe capture the flag, but I need to install a python module. This is proving to be ****ing harder than the actual contest problems.

All I need to do is get the import 'shaext' working.

So far I followed this post:
http://stackoverflow.com/questions/4...038397#9038397

download ez_install.py, it had problems because it's written for earlier version of python (I download the latest), so I changed the print statement to use parentheses, and the exception to use "as" instead of a comma, but it still won't run.

I mean for the love of god, why is this so hard?

Can any of you python guys help me out?

(I'm on windows 7 64bit)

Quote

08-25-2012 , 06:03 PM

#5203

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

What is shaext? Googling doesn't turn up much.

Quote

08-25-2012 , 06:06 PM

#5204

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

If you are using Python3 (which it sounds like you are) and want to use pip, I think you need to install distribute and use that to install pip

edit: found these instructions http://lubanui.org/current/install-py3-pip.html

Quote

08-25-2012 , 06:21 PM

#5205

gaming_mouse

Carpal \'Tunnel

Join Date: Oct 2004 Posts: 13,786

Neko, it's some module having to do with SHA-hashing.

What is distribute? Are you saying I have to install distribute, then install pip, then install shaext? So python has an installer for it's installer? (I assume the purpose of this was because someone knew I would be trying to install python at some point and wanted to **** with me? )

I tried doing this from the link:

Code:

$ curl -O http://pypi.python.org/packages/source/p/pip/pip-1.0.tar.gz
$ tar xvfz pip-1.0.tar.gz
$ cd pip-1.0
$ python setup.py install # may need to be root

but that didn't work either.

Quote

08-25-2012 , 06:35 PM

#5206

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

pip is a more sane 3rd party wrapper for Python's default installer (which is setuptools and being replaced by distribute).

I found an shaext file but no idea if it's the right one or not.

Code:

#!/usr/bin/env python
#
# sha1 padding/length extension attack class
# by rd@vnsecurity.net
#

import sha
import struct 
import base64

class shaauth:
	def __init__(self, secret, verbose=1):
		self.secret = secret

	def sign(self, msg):
		data = self.secret + msg
		m = sha.new()
		m.update(data)
		sig = m.hexdigest()
		return sig

	def verify(self, msg, sig):
		data = self.secret + msg
		m = sha.new()
		m.update(data)
		sig2 = m.hexdigest()
		return sig2 == sig

# attack class on sha1 length-extension
class shaext:
	def __init__(self, origtext, keylen, origsig):
		self.origtext = origtext 
		self.keylen = keylen
		self.origsig = origsig
		self.addtext = ''
		self.init()

	def init(self):

		count = (self.keylen + len(self.origtext)) * 8
		index = (count >> 3) & 0x3fL
		padLen = 120 - index
        	if index < 56:
            		padLen = 56 - index
	        padding = '\x80' + '\x00' * 63
	        
        	self.input = self.origtext + padding[:padLen] + struct.pack('>Q', count)
        	count = (self.keylen + len(self.input)) * 8
		self.m = sha.new()	
        	self.m.count = [0, count]
        	     
        	_digest = self.origsig.decode("hex")
        	(self.m.H0, self.m.H1, self.m.H2, self.m.H3, self.m.H4) = struct.unpack(">IIIII", _digest)
		
	def add(self, addtext):
		self.addtext = self.addtext + addtext
		self.m.update(addtext)
		
	def final(self):
		new_sig = self.m.hexdigest()
		new_msg = self.input + self.addtext			
		return (new_msg, new_sig)

def testattack():
	key = "topsecret"
	keylen = len(key)
		
	auth = shaauth(key)

	# sign the msg		
	orig_msg = "this is orig test message"
	orig_sig = auth.sign(orig_msg)

	# test the length extension attack		
	add_msg = "this is addition message"
	ext = shaext(orig_msg, keylen, orig_sig)
	ext.add(add_msg)
	(new_msg, new_sig)= ext.final()
		
	# verify the new msg
	assert auth.verify(new_msg, new_sig)

if __name__=="__main__":
	testattack()

Just save it in a file and you can import it directly

Quote

08-25-2012 , 06:37 PM

#5207

gaming_mouse

Carpal \'Tunnel

Join Date: Oct 2004 Posts: 13,786

nevermind i'm an idiot looks like shaext is just another python file i needed to download, thanks for the replies.

Quote

08-25-2012 , 06:38 PM

#5208

clowntable

Carpal \'Tunnel

Join Date: Jun 2006 Posts: 45,557

Do any of you have experience with coworking spaces? Basically shared offices where you can rent desk space or get reserved spaces for the entire month.

One day is 15 Euro at the one closest to where I live. Seems prettty cool I think I'll check it out and just work on random stuff for a day. Could be pretty neat if the right regs hang out there it's marketed to creative work freelancer types and startups.

One office is 270 Euro/month, includes some conference room time, printer access, phone number and post box as well. Pretty good deal actually, normal office space would be 600ish I'd guess.

My main concern would be security if I'd do any serious work, seems to be wlan only internet access. But like I said could be pretty neat for networking/having experts in some fields at your fingertips. One software startup, a freelance lawyer and a freelance designer one time?

---
Also turns out that my firstnamelastname.com (and .de) where free so I grabbed them with two of my free domains. I have a somewhat rare combo but there's one guy with the same name who's a chemist and certainly internet savy that basically owns the entire first page of google results (I'm low profile and like that quite a bit actually). I already snatched the firstname.lastname gmail address and he actually wrote me a mail telling me he was going to register it on the same weekend...heh (also have the twitter firstname_lastname diiing)

Quote

08-25-2012 , 06:48 PM

#5209

Spurious

Carpal \'Tunnel

Join Date: Aug 2006 Posts: 18,593

There was a SpOn article on it a few months ago.
Kinda meh and imo what you would expect from those places.

270 seems like a lot for an office, for 600 you get a huge office given that commercial square meter prices are rather cheap. 10€ per sqm is a regular/bit more expensive price and you would get a lot more than you do in a time shared office.

In larger cities, they should have shared offices for start ups, I think this would be a better place.

Quote

08-25-2012 , 06:54 PM

#5210

clowntable

Carpal \'Tunnel

Join Date: Jun 2006 Posts: 45,557

Yeah thinking about it a bit I could probably get something decent for 300ish actually lol. I guess I'd be most interested in the networking. Like I said I'll probably just try the 2-3 closest ones. The one I checked out is 15 Euro/day so that's not a lot to test it for a day. Probably best to just talk to the people there.

Quote

08-25-2012 , 07:00 PM

#5211

kerowo

lolcat

Join Date: Nov 2005 Posts: 37,190

The other people there aren't your coworkers though, wouldn't be annoying for some free lance account to ask you about automating his spreadsheet or something?

Quote

08-25-2012 , 07:07 PM

#5212

Spurious

Carpal \'Tunnel

Join Date: Aug 2006 Posts: 18,593

Quote:

Originally Posted by clowntable

By all means, check it out.
The article mentioned a few things that I found particularly weird. For example, on certain days they cook in house and all eat together.
This sounded to me more like a community type of thing rather than a very professional working environment.

Quote

08-25-2012 , 07:34 PM

#5213

sdturner02

old hand

Join Date: Jul 2010 Posts: 1,230

Can somebody who knows javascript do a quick code check for me? I've been tuning this and I think it's correct, but just wanted to make sure because I've been staring at it for way too long.

This function takes a date of birth from a set of month, day, and year drop down fields, calculates the person's age, and then sets the value of an age field to the correct age.

Multiple people can be present on the page, so the function takes one argument, which is the person number of the individual being calculated (first person = 1, second person = 2, and so on).

Here it is:

Code:

function get_age(person_num) 
{
	var month_val = parseInt(document.getElementById('person_dob_month'+person_num).value, 10), 
		day_val = parseInt(document.getElementById('person_dob_day'+person_num).value, 10), 
		yr_val = parseInt(document.getElementById('person_dob_yr'+person_num).value, 10),
		today_date,
		today_year,
		today_month,
		today_day,
		age;
		
	if (day_val > 0 && month_val >= 0 && yr_val > 0) { // only calc if all fields selected
		today_date = new Date();
		today_year = today_date.getFullYear();
		today_month = today_date.getMonth();
		today_day = today_date.getDate();
		age = today_year - yr_val;
		
		if (today_month === month_val) { // birthday is this month
			if (today_day < day_val) { // birthday hasn't happened yet this month, subtract 1 from age
				age--;
			}
		}
		if (age < 0) { // Prevents age from being -1
			age = '';
		}

		document.getElementById('person_age'+person_num).value = age;
	}					
}

Here is what the HTML fields look like (It all works fine, just wanted to include it so you can visualize better):

Code:

<select id="person_dob_month1"  name="person_dob_month1">
<option value="-1"></option>
<option value="0">January</option>
...
<option value="11">December</option>
</select>

<select id="person_dob_day1" name="person_dob_day1">
<option value="0"></option>
<option value="1">1</option>
...
<option value="31">31</option>
</select>

<select id="person_dob_yr1" name="person_dob_yr1">
<option value="0"></option>
<option value="2012">2012</option>
...
<option value="1900">1900</option>
</select>

Quote

08-25-2012 , 08:04 PM

#5214

clowntable

Carpal \'Tunnel

Join Date: Jun 2006 Posts: 45,557

Quote:

Originally Posted by kerowo

The other people there aren't your coworkers though, wouldn't be annoying for some free lance account to ask you about automating his spreadsheet or something?

Reciprocity should keep that in check fairly well. At least if you know how it works and that we're wired to follow it you should come out +-0

Quote

08-25-2012 , 08:33 PM

#5215

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

sdturner,

While you are checking for the cases where the months are equal, you are ignoring the case where todays month is less than birthday month.

To make your intentions clear you should really be using more parenthesis in this line

Code:

(day_val > 0 && month_val >= 0 && yr_val > 0)

should be

((day_val > 0) && (month_val >=0) && (yr_val > 0))

I would probably refactor your code a bit like so:

Code:


function get_age(birth_date){

    var today_date, today_year, age;

    today_date = new Date();

    age =  today_date.getFullYear() - birth_date.getFullYear();
    
    if (day_of_year(today_date) < day_of_year(age_date)){
        age--;
    }
    
    return age;            
    
}

function get_birth_date(person_num){
    //read data from DOM and  return Date object
    return birth_date;
}

function day_of_year(date){
    //figure out day of year and return it
}

//and then call like
var bd = get_birth_date(person_num);
var age = get_age(bd)

Quote

08-25-2012 , 09:09 PM

#5216

sdturner02

old hand

Join Date: Jul 2010 Posts: 1,230

Neko,

Thank you very much. You're exactly right, I knew I was missing something. The silly thing is that in an earlier version I accounted for instances where the person hasn't had their birthday this year:

Code:

if (today_month <  month_val) { // Hasn't had birthday this year
	age--;
}

Yet for some reason I deleted it. I clearly have been coding for way too long today. Time to call it quits for the day.

Thanks again.

Quote

08-25-2012 , 09:45 PM

#5217

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

No problem. I've had many times where I've been staring at a problem for an hour before giving up for the night, only to come back fresh in the morning and solve it in 30s.

Quote

08-26-2012 , 09:48 PM

#5218

daveT

S.A.G.E. Master

Join Date: Jun 2005 Posts: 23,955

I posted my first SO question. They ended up asking me to upload a stand-alone on github. I thought the problem was trivial and someone would say "Here's Google, you idiot" and provide a link, but I guess the problem is difficult that there should be an easy resource for everyone to reference?

I just want to create a login area.

Quote

08-26-2012 , 11:30 PM

#5219

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

Shoe lace? http://vanilla-js.com/

Quote

08-26-2012 , 11:38 PM

#5220

tyler_cracker

Carpal \'Tunnel

Join Date: Apr 2005 Posts: 15,828

hahahaha

i like how it has throbbers that "update" when you select more "features". yet somehow it's always zero bytes. sorcery!

Quote

08-26-2012 , 11:45 PM

#5221

Neko

Pooh-Bah

Join Date: Jul 2005 Posts: 4,000

yeah. The "Show human-readable sizes" was a nice touch too.

Quote

08-27-2012 , 12:13 AM

#5222

_dave_

_Pooh_Bah_

Join Date: Feb 2005 Posts: 13,146

that is great

Quote

08-27-2012 , 09:52 AM

#5223

Wraths Unanimous

Carpal \'Tunnel

Join Date: Sep 2007 Posts: 8,575

Anyone know of a script that finds vague addresses in strings? I'm using twitter to pull locations from tweets and update in real time where the person is and I can do so when the address is simple like 1234 Orange St Orlando Fl. But some people tweet their location like 'corner of University and 4th'. Any ideas?

Quote

08-27-2012 , 10:03 AM

#5224

Gullanian

Carpal \'Tunnel

Join Date: Dec 2006 Posts: 14,014

That's a sort of natural language processing problem and is going to be pretty hard to solve.

Quote

08-27-2012 , 11:12 AM

#5225

Wraths Unanimous

Carpal \'Tunnel

Join Date: Sep 2007 Posts: 8,575

Yeah, I can catch a few addresses that contain numbers, or street extensions such as st, ct, ave, etc, but it obviously isn't correctly catching all addresses.

Quote

Page 209 of 1603

First

9 109 159 189 199 204 205 206 207 208 209 210 211 212 213 214 219 229 259 309 409 709 1209

Last

Post Reply Subscribe

...

Page 209 of 1603

First

9 109 159 189 199 204 205 206 207 208 209 210 211 212 213 214 219 229 259 309 409 709 1209

Last