Featured Articles

Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Introducing BusKill: A Kill Cord for your Laptop
Crowdfunding on Crowd Supply (Review of my experience)
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Detecting (Malicious) Unicode in GitHub PRs
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
WordPress Multisite on the Darknet (Mercator .onion alias)
Hardening Guide for phpList
previous arrow
next arrow

Detecting (Malicious) Unicode in GitHub PRs

Detecting Malicious Unicode in GitHub Pull Requests

This article will describe how you can utilize GitHub Actions to scan user-contributed PRs for unicode and automatically warn you if such commits contain (potentially invisible & malicious) unicode characters.

Why

Last month Trojan Source was published — which described how malicious unicode characters could make source code appear benign, yet compile to something quite malicious.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Detecting (Malicious) Unicode in GitHub PRs

Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)

Continuous Documentation with Read the Docs (2/2)

This post will describe how add translations (i18n), pdf/epub builds, and branch-specific versioned documentation to a Read-the-Docs-themed sphinx site hosted with GitHub Pages and built with GitHub’s free CI/CD tools.

This is part two of a two-part series. Before reading this, you should already be familiar with Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2).

ⓘ Note: If you don’t care about how this works and you just want to make a functional repo, you can just fork my ‘rtd-github-pages’ GitHub repo.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)

Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2)

Continuous Documentation with Read the Docs (1/2)

This post will describe how to host a sphinx-powered site (using the Read the Docs theme) on your own GitHub Pages site, built with GitHub’s free CI/CD tools.

ⓘ Note: If you don’t care about how this works and you just want to make a functional repo, you can just fork my ‘rtd-github-pages’ GitHub repo.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2)

Introducing Coviz

Projected Future Spread of COVID-10 on Earth (e2a Apr 07)

I woke up on April 2nd to discover that over 1 million people on earth had tested positive for coronavirus. “I couldn’t find a website that was extrapolating the COVID-19 dataset, so I decided to build one”

It took over 4 months for COVID-19 to hit 1 million world-wide, and the graph was showing a horrifying exponential growth of cases. When I saw this, a question popped-into my head: when will it hit 2 million? (spoiler: it took only 13 days to go from 1 million to 2 million)

When will it infect 4 million? 8 million? 100 million? 1 billion? 50% of the population on Earth?

I searched-and-searched, but I couldn’t find a website that was extrapolating the COVID-19 dataset daily to predict the future spread of the virus, so I decided to build one myself.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Introducing Coviz

RegEx 2 DFA in Python

For my Discrete Mathematics II course at UCF (COT4210), I had to do some implementation with Finite State Machines. My favorite of our tasks (though the most difficult) was to convert a Regular Expression (RE) to an equivalent Deterministic Finite Automata (DFA). And since our professor let us use any language, I tried to branch out from Java & C (which are annoyingly overused in Academia). I decided to teach myself Python. And it turns out, it was a good choice too–considering it’s wonderful built-in functionality for Lists, and the heart of this program is a huge 2D array defining the automata’s transition function. Also, I miss scripting languages–especially when I’m writing a program as a learning experiment as opposed to trying to make it as efficient as possible.

So, without further Ado: here’s my code. It reads a RE in postfix notation from input.txt. Two cautions about postfix REs:

You must explicitly state concatenation The Kleen Star is already a postfix operator in REs, so it doesn’t really work to use a mathematical infix2postfix library, as it treats the kleen star like an infix multiplicative operator. I treat it as an operand and throw it directly into the
. . . → Read More: RegEx 2 DFA in Python