Intermittent hosting issues

My apologies if you’ve tried accessing the site and seen error messages, timeouts, slow responses, or other similar issues over the last week or so.

My hosting provider has a rather clever setup that allows for extremely high performance while minimizing resource use. This has generally worked well, but they recently had some issues with their routing hardware that implements this cleverness as well as some moderate attacks against customers.

Although things are stable for now, they’re looking at replacing nearly-overloaded components with higher-capacity models, implementing better monitoring and responses so they can alleviate attacks and detect problems sooner, and otherwise be able to improve things going forward. There may be some instability in the immediate future, but things should improve.

Sorry about the trouble.

Sorry for the inactivity.

Shock! Alarm! There’s actually a new post!

As you might have noticed, I’ve been inactive for the last year or so — things have been extremely hectic in the lab and I’m in the “crunch time” for my dissertation. More soon.

For those who don’t follow it already, I strong recommend reading Shall Not Be Questioned at — Sebastian and Bitter keep up to date with pretty much all gun-related news and information.

Fear me, for I am root

Google Authenticator Plugin: I’m sorry, but it is not possible for you to import an existing shared secret. You must generate a new one.

Me: Really? That’s annoying.

GAP: Yup. Sucks to be you.

Me: Fine. *generates a new secret* Oh, there’s something I ought to tell you.

GAP: Tell me.

Me: I have root access to the database in which the secret is stored. *edits the appropriate entry in the database, thus restoring the previous shared secret*

WordPress Security: Google Authenticator

Many of the readers here are also bloggers, and quite a few use WordPress.

If you host your own WordPress installation (as opposed to hosting with, you may be interested in the Google Authenticator plugin for two-factor authentication.

If you have an iOS (iPod Touch or iPhone), Android, or BlackBerry device that can run the Google Authenticator app, the Google Authenticator plugin can help significantly with your site’s security. Once you link the plugin and the device, your device generates a new time-dependent numeric code at regular intervals. To log into your WordPress blog’s account you’ll need your username, password, and the numeric code generated from the mobile device application.

This way, even if an attacker manages to acquire your username and password they are unable to log into your WordPress account because they don’t have the correct code. Now an attacker needs something you know (username and password) and something you have (the mobile device that generates the code).

Update: One can also configure a static password for applications that are not able to deal with one time passwords, like desktop or iPhone WordPress clients. Very cool.