How to solve the 36 Cube puzzle – hints & solution

For Christmas, I got the ThinkFun 36 Cube. It consists of 36 towers in 6 colors and 6 different sizes and a base plate with 6 by 6 slots to plug in the towers. These slots are of different heights. The goal is to place one tower of every color in each row and column. And the towers must fit to form a level cube.

After some tries, I came to the conclusion that this puzzle is the work of the devil and that I should not waste more brain cycles on solving it. So I wrote a little python script to solve the puzzle for me.

My program quickly came up with a correct placement for 34 towers – but it failed to find the complete solution.

[('P', 5), ('Y', 3), ('O', 2), ('B', 1), ('R', 4), ('G', 6)]
[('Y', 4), ('O', 1), ('P', 6), ('R', 2), ('G', 5), ('B', 3)]
[('O', 6), ('B', 5), ('R', 3), ('G', 4), ('P', 1), ('Y', 2)]
[('R', 1), ('G', 2), ('Y', 5), ('P', 3), ('B', 6), ('O', 4)]
[('B', 2), ('P', 4), ('G', 1), ('Y', 6), ('O', 3), ('R', 5)]
[('G', 3), ('R', 6), ('B', 4), ('O', 5), ('X', 2), ('X', 1)]

Legend:
P = Purple, Y = Yellow, O = Orange, B = Blue, R = Red, G = Green, X = Empty
The number is the size of the tower.
As you can see, I didn’t waste much time on making the output pretty :)
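
A check of the printed placement, as an added example (this is not the author's solver, whose source is not shown on this page): it confirms that no color repeats in any row or column, lists the two towers left over, and tests whether either of them fits an empty slot. It assumes the number printed next to an 'X' is the tower size that empty slot takes.

```python
from collections import Counter

COLORS = "PYOBRG"
# Grid copied from the output above. 'X' is an empty slot; its number is
# assumed to be the tower size that slot takes.
GRID = [
    [('P', 5), ('Y', 3), ('O', 2), ('B', 1), ('R', 4), ('G', 6)],
    [('Y', 4), ('O', 1), ('P', 6), ('R', 2), ('G', 5), ('B', 3)],
    [('O', 6), ('B', 5), ('R', 3), ('G', 4), ('P', 1), ('Y', 2)],
    [('R', 1), ('G', 2), ('Y', 5), ('P', 3), ('B', 6), ('O', 4)],
    [('B', 2), ('P', 4), ('G', 1), ('Y', 6), ('O', 3), ('R', 5)],
    [('G', 3), ('R', 6), ('B', 4), ('O', 5), ('X', 2), ('X', 1)],
]


def color_clashes(grid):
    """Rows and columns in which some color appears more than once."""
    lines = {f"row {i + 1}": row for i, row in enumerate(grid)}
    lines.update({f"col {i + 1}": col for i, col in enumerate(zip(*grid))})
    clashes = []
    for name, line in lines.items():
        counts = Counter(c for c, _ in line if c != 'X')
        if any(n > 1 for n in counts.values()):
            clashes.append(name)
    return clashes


def analyse(grid):
    """Return (unused towers, what each empty slot needs, towers that fit it)."""
    placed = Counter(t for row in grid for t in row if t[0] != 'X')
    assert all(n == 1 for n in placed.values()), "a tower was used twice"
    unused = {(c, s) for c in COLORS for s in range(1, 7)} - set(placed)
    cols = list(zip(*grid))
    needs, fits = {}, {}
    for r, row in enumerate(grid):
        for c, (color, size) in enumerate(row):
            if color != 'X':
                continue
            # Colors still missing from both this row and this column.
            in_row = {t[0] for t in row}
            in_col = {t[0] for t in cols[c]}
            allowed = (set(COLORS) - in_row) & (set(COLORS) - in_col)
            slot = (r + 1, c + 1)
            needs[slot] = (allowed, size)
            fits[slot] = [t for t in unused if t[0] in allowed and t[1] == size]
    return unused, needs, fits


if __name__ == "__main__":
    print(color_clashes(GRID))
    for item in analyse(GRID):
        print(item)
```
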

36cube almost solved

So close and yet so far

After spending lots of time verifying that my program was working correctly, I became impatient and googled for help. I found an answer, but it revealed too much, taking away all the fun.

Therefore, I split my solution into multiple hints. If you are stuck, reveal just one of them at a time and try to figure it out by yourself. It is way more rewarding!

Hint #1 (show):

Hint #2 (show):

Hint #3 (show):

Hint #4 (show):

Hint #5 (show):

Even if you uncovered all hints, the puzzle is still far from solved. You can still tinker with it forever.

Spoiler alert: Don’t uncover the solution unless you are really desperate!

Click to show the 36cube solution.

Asus EEE PC 901 with RunCore Pro IV SSD

A couple of weeks ago, I wrote about upgrading the SSD of my EEE PC 901 and the mixed results I got. I decided to return it and wait until a faster SSD by RunCore becomes available. Today, I received my brand new RunCore Pro IV SATA 70mm Mini PCIe SSD 32 GB (what a name!).

As I already wrote in my earlier post, swapping the SSD is really easy.

  1. Backup your data. If you want to reuse your current installation, use some imaging software. I booted from an Ubuntu Live CD and used dd.
  2. Turn off your EEE, remove AC and battery.
  3. Loosen the two screws of the lid on the bottom and remove the lid. You might have to apply a little bit of force with a flat screw driver.
  4. Loosen the two screws that hold the SSD in place. Make sure they don’t fall into the case. If they do, you absolutely must find them before you plug in AC or the battery, otherwise you risk a short-circuit.
  5. Replace the old SSD with the new one.
  6. Fix the SSD, put on the lid, restore your image. Done!

If anyone asks nicely, I can take some pictures of the process, but it is really simple. The only special tool you need is a very small Phillips screwdriver. There was one in the box with the SSD, but it wasn’t small enough.

After swapping the drive and restoring the image, I booted the device for the first time. The EEE detected the drive without problem and I noticed immediately that the system was snappier. Then I ran the benchmark:
Benchmark Runcore Pro IV SSD

The sequential and 512k read performance is on par with the Super Talent SSD, but the write performance is miles ahead. To be honest I expected even faster write speeds, but I’m far from disappointed. The benchmark result is 7.5 times faster than the Super Talent SSD and a ridiculous 93x better than the stock SSD. Way to go, RunCore!

Older benchmark results:

Benchmark of Super Talent SSD

Benchmark of EEE PC 901 onboard SSD

Disclaimer: I’m not affiliated with any of the companies mentioned, I’m just excited that my little EEE PC might be usable again. If you think about dumping it for a new device, consider upgrading the SSD.

Automatic plugin update problem in WordPress 2.8.x

After upgrading WordPress to the current version, I could no longer automatically update plugins. This is the error message I got:

Downloading update from http://downloads.wordpress.org/plugin/xxx.zip.

Unpacking the update.
Warning: unlink(/…/wp-content/upgrade/xxx.zip) [function.unlink]: No such file or directory in /…/wp-admin/includes/class-wp-upgrader.php on line 146

Incompatible archive PCLZIP_ERR_MISSING_FILE (-4) : Missing archive file ‘/…/wp-content/upgrade/wp-syntax.0.9.8.zip’

After digging through the forums I found a solution to the plugin autoupdate problem in the WordPress Support forum.

Open the file wp-config.php in the root directory of your WordPress installation and remove the definition of the WP_TEMP_DIR constant, i.e. a line that looks like this:

define('WP_TEMP_DIR', ABSPATH . "wp-content/upgrade");

Asus EEE PC 901 SSD Upgrade

Update: Upgrade instructions and benchmark of the EEE 901 with an even faster SSD.

Recently, I upgraded the harddisk of my EEE PC. It comes with a 4 GB onboard SSD which is quite slow, and an 8 GB SSD which is even slower. A benchmark shows just how slow it is.

Benchmark onboard SSD

After reading the test of the RunCore Pro IV SSD on jkkmobile, I decided it was time to upgrade. Unfortunately, the RunCore SSDs are hard to come by in Germany, so I bought a 32 GB Super Talent PCIe SSD (FPM32GLSE) for about 100 €, expecting similar performance.

I made an image of the old drives and upgraded the BIOS to the newest version. To my surprise, installing the drive was as simple as swapping the RAM module.

After restoring the images to the new drive, I ran the benchmark again.

Benchmark Super Talent SSD

Overall, the Super Talent SSD outperforms the onboard SSD. Sequential writing is a bit slower, but sequential reading is more than 3x faster. 4k writing is about 12x faster, but the absolute value of 0.7 MB/s is still quite low. A RunCore Pro IV should get about 16 MB/s which is 20x more.

YouTube to sevenload Bookmarklet

Say you find a video on YouTube and you want to share it with your friends on sevenload. Now what?

YouTube to sevenload Bookmarklet to the rescue!

Just drag the link below to your bookmark toolbar:

YT2SL

If you are watching a video on youtube.com, click the bookmarklet to get redirected to the same video on sevenload.

YouTube video

http://www.youtube.com/watch?v=YB1olxLwBWI

becomes

http://de.sevenload.com/item/yt/YB1olxLwBWI

You can also manually create a bookmark with this address (make sure to remove linebreaks):

javascript:(function(){var l=document.location,m='Not a YouTube video!',v='',a,k,i;if(!/(^|\.)youtube\.com$/.test(l.hostname)){alert(m);return;}a=l.search.substr(1).split('&');for(i=0;i<a.length;i++){k=a[i].split('=');if(k[0]=='v'){v=k[1]||'';break;}}if(v==''){alert(m);}else{window.location='http://de.sevenload.com/item/yt/'+encodeURIComponent(v);}})();

Slides from EuroDjangoCon

These are the slides and code of talks given at the EuroDjangoCon, which is held in Prague from May 4th to May 6th. This information can also be found in the EuroDjangoCon Wiki.

Day 1:

Day 2:

Day 3:

Other:

This post will be updated over time. Please leave a comment if you think something is missing.

WLAN at the University of Karlsruhe (DUKATH) with Ubuntu 8.10

Ubuntu now has pretty good WLAN support. For a long time, DUKATH could only[1] be used with a VPN client; by now it also works via WPA. According to the Microbit instructions [PDF], you are supposed to write a script to use the access. On Ubuntu, however, there is a somewhat simpler way:

Click the icon of the Network Manager applet:

Select the network dukath-??x.

?? depends on the location. The RZ provides an overview of the SSIDs in use.

Selecting the DUKATH access point

In the dialog that follows, enter the correct values:

DUKATH settings

For the certificate, select the Deutsche Telekom Root CA 2 certificate.

Username and password are the same as those used for VPN.

Done!

[1] Access via the DUKATH web interface should only be used in emergencies, because the connection is not encrypted and can therefore easily be eavesdropped on.

Features are not key to success

At least not for social networks. A blog by Robert Basic about new features at blepper, a German Twitter alternative, got me thinking.

What is the main feature of a social network? Connecting people! And to enable connections between people, you have to reach a critical mass of people first.

There are already a million ways to connect to other people. Facebook, Myspace, LinkedIn, Twitter, and German services like StudiVZ, WKW, XING…

Most of them are not perfect. But just providing a more feature-rich service than an established competitor is a recipe for disaster. Pownce had to learn this the hard way. Facebook never really took off in Germany, because StudiVZ took the German market first. My experience is that almost every German you find on Facebook met people abroad. She didn’t sign up for the better photo gallery, but for people.

StudiVZ grew big fast and then sucked for a long period of time. Lots of performance and privacy issues. People stayed.

Twitter grew big fast and then sucked for a long period of time. Lots of performance issues. People stayed.

I simply can’t think of one example where a new social network overtook an established competitor due to features.

How 52 words can cost you your job

With some trolling on a blog, some poor guy causes an incredible shitstorm that changed his life. That’s a story only the blogosphere can write. In this case, the German speaking blogosphere*.

  1. It all starts with a stupid anonymous comment on a blog, concerning the author’s weight.
  2. The author** grabs the commentor’s IP address from the logs and posts the matching domain name, revealing that the commentor didn’t give his real name.
  3. The commentor has the balls (or is stupid enough) to reveal his real name and asks for absolution.
  4. Now, the author could have forgotten about the whole thing. Instead, he posts an open letter to the commentor’s employer (a PR agency) on his blog.
  5. Two days later, the employer raises his voice, announcing that the commentor will be fired.

52 inconsiderate words made the commentor unemployed and probably ruined his name on Google forever*

And this is where the real discussion starts. Don’t get me wrong, nobody likes trolls. And it’s unfair to pick on inferior people. In this case, inferior meaning the fit guy holding a degree in sports picking on an overweight guy. Trolls, let this be your warning.

Still, the consequences seem a bit harsh. As far as I understand the author wasn’t as much upset about the comment itself as about the fact that it was posted under a false name. But where do you draw the line between posting under a false name and posting anonymously? Sure, the mistake of the commentor was to specify a URL. Posting as John Smith is not the same as posting as John Smith, www.smith.com.

But if somebody is clueless enough to post such a comment from his workplace, can’t you assume that it didn’t come to his mind that somebody might think he really is, in fact, the one John Smith from Smith Consulting at smith.com? In dubio pro reo, I’d say the commentor’s intention was anonymity, not identity theft.

And this is where the pendulum swings back. Just as it is inappropriate for the athlete to pick on the fattie, it is inappropriate for the internet pro to hunt down the troll. Not feeding a troll is not the same as ruining his life.

(via)

* All links in German, sorry.

** Please excuse the whole author/commentor/JohnSmith thing, I didn’t want to make the Google bomb bigger or stigmatize the commentor more than he already is.

Gmail CSRF vulnerability explained

There has been the claim on the blog Geek Condition of a CSRF vulnerability in Gmail. The idea was that an attacker can automatically create a filter in the victim’s Gmail account to forward sensitive mail to the attacker’s email. A detailed proof of concept walks you through the steps of exploiting the alleged vulnerability. This attack was supposed to be linked to recent cases of domain theft. The story was picked up by various sites, e.g. Heise. Today, Google denied the security hole. So who is wrong?

Indeed, if you follow the detailed instructions, you can craft a URL, which creates a filter upon visit, as long as you are logged into Gmail. This seems scary, but let’s have a closer look.

To create the URL, you have to obtain valid values for a number of parameters. The error of reasoning lies in this paragraph:

Obtaining the at variable on the other hand can be done by tricking a user into visiting a page that contains malicious code that subsequently steals a cookie from the user called GMAIL_AT which is the same as the at variable, just named differently. Once the cookie is stolen the malicious code creates a hidden iframe with a url containing the variables that authorize Gmail to create a filter for your account.

In other words, to create the filter, the attacker has to get the session id from the cookie. As the content of the cookie is only known to you and Gmail, that is not really a fair prerequisite. Once the cookie is stolen, you are pwned anyway. With a valid session id, an attacker can completely control your Gmail account. The creation of a filter doesn’t make much of a difference.
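
Why the at parameter blocks a forged request, as an added example (not Gmail's code): a toy server-side check in the double-submit style, where the at request parameter must equal the GMAIL_AT cookie. The function names, the "action" parameter and the comparison itself are assumptions for illustration; the page only states that at and GMAIL_AT carry the same value.

```python
import hmac
import secrets


def issue_token():
    """Server side: random per-session value, delivered as the GMAIL_AT cookie."""
    return secrets.token_urlsafe(16)


def accept_filter_request(cookies, params):
    """Accept a state-changing request only if `at` matches the GMAIL_AT cookie.

    Assumed check (double-submit pattern). The browser attaches the cookie to
    every request to the mail host, forged or not; only script running on the
    mail origin can read the cookie and copy it into `at`.
    """
    cookie = cookies.get("GMAIL_AT", "")
    at = params.get("at", "")
    if not cookie or not at:
        return False
    # Constant-time comparison so the token cannot be probed byte by byte.
    return hmac.compare_digest(cookie.encode(), at.encode())


def simulate():
    """Constructed requests covering the cases discussed in the post."""
    token = issue_token()
    browser_cookies = {"GMAIL_AT": token}  # sent automatically by the browser
    return {
        # Genuine mail page: same-origin script fills in `at` from the cookie.
        "legitimate": accept_filter_request(
            browser_cookies, {"at": token, "action": "create_filter"}),
        # Cross-site forgery: the cookie rides along, but `at` is unknown.
        "forged_without_at": accept_filter_request(
            browser_cookies, {"action": "create_filter"}),
        "forged_guessed_at": accept_filter_request(
            browser_cookies, {"at": secrets.token_urlsafe(16), "action": "create_filter"}),
        # The proof of concept's precondition: the cookie value is already
        # stolen, so the request is indistinguishable from a legitimate one.
        "cookie_already_stolen": accept_filter_request(
            browser_cookies, {"at": token, "action": "create_filter"}),
    }


if __name__ == "__main__":
    for case, accepted in simulate().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
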

Indeed, Gmail had a CSRF vulnerability in September 2007. Google was upfront enough to note that fact in their post, but it was fixed a long time ago. It seems that someone barked up the wrong tree in this case.

Don’t get me wrong, there are ways to steal the cookie. But complaining that you can create a filter with a valid Gmail session id is like complaining that you are able to open the trunk of a car if you can get hold of the keys. You could just as easily drive away with it.