Currently the world record is 67890 digits, held by Lu Chao. According to some sources Akira Haraguchi has recited 100000 digits of PI, however the Guiness World Records have not accepted his record (Wikipedia).

Memorising PI is rather fun and is a great mental exercise. The PI day was just 5 days ago (14th of March), so it’s a great occasion to start memorising.

The technique

Different people use different techniques to help them memorise PI, because each of us learns things a bit differently. There are three different learning styles: Visual, Auditory and Kinesthetic, thus different techniques will work for different learning styles. So you may find assigning numbers to musical notes, images or poems more effective.

The idea of the technique I used is to divide PI into small blocks of numbers, which makes it easier to memorise. Divide and conquer!

PI to 100 digits is: 3.1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679

• Start by copying the whole number into any text editor (e.g. Microsoft Word, Notepad, Google Docs)
• Read through the digits. You should naturally start grouping them into blocks. Whenever you form a new block put spaces on both sides of the block to separate it from other blocks.

Blocks may not be obvious at first, but once you start trying to memorise them, they should become much clearer.

In the end, you should have something like this:

3. 1415 92 6535 8979 323 84626 433 83 279 50288 4197 169399 37510 5820 9749 4459 230 781 640 628 620 8998 628 034 825 342 117 0679

As you can see, the blocks I’ve chosen range from 2 to 6 digits in length. Yours may or may not differ - see for yourself what works for you.

Now take blocks one by one and try to memorize them in order .

I found memorising a few blocks at a time easier. By the way, sheer repetition really helps, though it probably wouldn’t work on longer sequences.

Useful resources

• Assigning digits to notes by Vihart - Youtube link
• Link and Major systems - Link
• Phonetic System - Link

Does reaching for the left Control key make your pinky finger uncomfortable? Maybe it’s time to remap that Caps Lock key into a Control key. It’s right next to your natural hand resting spot, is easy to reach and pretty useless at the moment, isn’t it?

In Ubuntu 12.10 it’s very easy to remap special keys. You can do that in just a few steps:

1. Open System Settings
2. Click Keyboard
3. Choose Layout Settings
4. Click Options
5. Click Caps Lock key behavior to expand it
6. Choose Make Caps Lock an additional Control but keep the Caps_Lock keysym or any other option you like

That’s it. Now those shortcuts aren’t as uncomfortable, right?

I’ve started using VIM a year or so ago and I’ve never looked back. It’s a very powerful and (in my opinion) efficient text editor, favoured by many programmers. And it’s rival is Emacs.

You can do some very fancy stuff with VIM, but it takes time to learn. You can watch some videos by Derek Wyatt, which showcase what can be done with VIM and are relatively easy to learn from (even though VIM has a steep learning curve).

Batch embedding images in Markdown

First of all, images can be embeded in such way:
![Alt text](URL)

If you need to refresh your Markdown syntax knowledge, here’s the documentation by Daring Fireball.

Ok, so the first thing is that we need to get a list of images into VIM. How do we do that? VIM has a :r command, which can read input from files or commands and pastes it into the buffer.

Combine with ls and it’s done: :r!ls *.png

The bang (!) symbol marks, that we’ll read from a command instead of a file. The result should look like this:

1
2
3
4
5
6
7

filename1.png
filename2.png
image3.png
something_else.png
synthetic_file.png
cookies.png
synthetic_file3.png

Now that we have our filenames in the buffer, we can start converting them. There are multiple ways to do it, but I’ll show you two of them.

Macros

With macros you can do lots of repetetive stuff that you may not be able to or don’t know how to do with substitutions or other means.

q followed by a register will start recording the macro. If you hit q again, it will stop the recording.

Here’s the complete macro I used: yt.i![ESCpla(ESClxA)ESCj0

Let’s take a look at what it is doing:

• yt.i![ESCp - provided that the cursor is standing at the beginning of the line, it will yank all text until a dot (in this case filename1) into a unnamed register. Then it will go into insert mode and insert ![. I’m not sure if this is handled by some VIM plugin or it’s a standard behavior, but my VIM auto closes with the right square bracket. Then we paste the yanked text with p. Now we have ![filename1]filename1.png in our first line.
• la(ESClxA)ESC - l (lowercase letter L) moves the cursor to the right, we append text after the cursor with a and type in the left parentheses. Hit the ESCAPE key to go back to command mode. l (lowercase L) to move right and x to delete the right paren (which was autoinserted by VIM). Use A to append the right paren at the end of the filename and hit ESCAPE to go back to the command mode. If you have VIM-surround plugin - you can add parens with it.
• j0 - j will move down and 0 (zero) will move back to the beginning of the line.

Substitutions

This approach is sort of easier as it’s pretty much a single command:

%s/\(.*\)\.png$/![\1](\1.png)

• %s/match/replace_with is the substitution command
• \(.*\)\.png$ will greedy match lines, ending in .png and will forget about the extension. It’s just regular Regex: . (dot) will match any character and * will try to match 0 or more characters. $ marks, that the match should end in .png
• ![\1](\1.png) is the format we want to use here. \1 is the match we told VIM to memorize

Last words

It may look confusing at first, but actually it’s quite easy once you have a grasp of VIM syntax (well, and regex for the substitutions). However, as with everything else, learning them by muscle memory takes time.

If you’ve never used VIM in your life you may think “It’s too much of a hassle to process those 7 images. I could’ve done that in 20 seconds with Notepad!”, and you would probably be right. But you couldn’t be that quick if the amount of stuff to do would grow ten or hundred times. Besides, those 2 commands come in just under 30 characters each.

VIM is documented very well and the documentation is built in, so if you have any trouble with any commands, just type in :h command in command mode.

Stripe CTF 2.0 web edition challenge has recently ended. It was lots of fun to participate in.

About 7 thousand people have completed the first level and 978 people have completed the whole 9 challenge CTF competition. Leaderboard.

Now that the challenge has ended, people have posted their impressions and solutions to challenges. Stripe CTF 2.0 Write-Up is a great write-up by droogie from IOActive Labs Research. He posted solutions to all 9 problems with brief explanations for those solutions.

List of attacks:

• Level 0 - SQL Injection
• Level 1 - Misuse of PHP Function on Untrusted Data
• Level 2 - File Upload Vulnerability
• Level 3 - SQL Injection
• Level 4 - XSS/XSRF
• Level 5 - Insecure Communication
• Level 6 - XSS/XSRF
• Level 7 - SHA1 Length-Extension Vulnerability
• Level 8 - Side Channel Attack

And so another Stripe Capture The Flag event has begun. Stripe continues on from their last CTF event, where a number of hacking challenges were given, ranging from simple web form cookie hacks to buffer overflows and other magic stuff.

CTF 2.0 is targeted at web based attacks. Interested to learn about XSS, SQL injections, CSRF attacks? This is a good place to do that.

The event has started at Wednesday, August 22nd, 2012 at 12 noon PDT, and it will end at Wednesday, August 29th, 2012 at 12 noon PDT, so it’s not too late to start. If you’re reading this after the ending date - Stripe will publish (or already have done that) all challenges somewhere online.

At the time of writing over 5,000 people have passed the first level and there are 9 levels in total (and they are zero indexed). Only 112 have captured the final flag and completed the challenges. Impressively, the first person to finish - wgrant - has done it in a bit more than 12 hours. Congratulations to him. He had stuck around to give others some useful clues, which is very nice of him.

Challenges involved using a large variety of technologies and languages: Node JS, SQLite, PHP, Python, Ruby, Javascript, Flask, Sinatra and others. Most of them were relatively easy (compared to the last two). It’s kind of a shame that the easier levels were written in PHP (quite easily hackable). These days it’s getting a lot of hate, but flaws that were present in those challenges are quite common.

One of the more interesting challenges required a hash extension attack. Apparently SHA-1 has predefined seed values and hashes the message in 64 byte chunks. So even without knowing the salt it was possible to append some malicious data, sign it using the original hash and the system processed it without any hickups. It was expected, but for some reason I was just blown away. Oh, Exploiting SHA-1-signed messages and CodeGate 2010 Challenge 15 – SHA1 padding attack were really helpful with that challenge.

Since the challenge has not finished, I don’t want to spoil it for anyone, so I’m not going to say more about it in this post, maybe some time in the future…

By the way, I have finished this challenge in 25th place. It took me roughly 27 hours to complete, here’s my profile. Too bad I didn’t get in TOP 20.

Thanks to the Stripe team for such a great event, I’m looking forward to future CTFs. Thanks to other friendly hackers on the Stripe IRC that gave some hints along the way, but not spoiled the fun.

And again, if you want to, there still is plenty of time to hop in and Capture The Flag at https://stripe-ctf.com, so don’t hesitate, just go!