Skip to main content

This site is now sort of static has always been powered by WordPress, but every now and then it’s fallen victim to annoying hacks that manage to write some spam nonsense at the top of all my PHP files. From what I can tell, WordPress and the few plugins I use are such a labyrinthine mess of code that going through and closing security vulnerabilities would be a sisyphean task.

So, I’ve taken the nuclear option – this site, as served to the wider web, is now entirely made up of static files. Hopefully, that’ll stop the hacks – there’s no PHP to abuse, leaving only any vulnerabillities in Apache or Media Temple’s account management as potential ways of getting in.

The static files are generated by Spress, which seems to be one of the least opinionated static site generators I’ve come across. It was very easy to make it produce pretty much exactly the same pages WordPress does.

I still wanted the nice editing interface WordPress provides, so I’ve made a plugin which exports posts from WordPress to the Spress source directory whenever I update them. I’ve got the WordPress installation hidden somewhere private, behind a very simple login script which stands in the way to make sure that nobody else can run WordPress code. This way, I can write posts in WordPress, and the plugin automatically rebuilds the site for me. The one compromise is that I can’t do comments any more – my current line of thought is that I’ll write a script to add comments to the WordPress database which would be simple enough to satisfy myself that it’s more secure than going through WordPress itself.

For the moment I’ve kept the layout of the site as it was, but it’s looking very old now so I’d like to redo it at some point. I don’t really post here any more, so it’s entirely possible that this’ll still be the top post in a few years’ time.

Next job is to do the same thing to The Aperiodical, which will take a lot more work!

Pattern-matching syntax trees

I’m doing some very fun things with pattern-matching syntax trees today.

For context: I write a computer-based assessment system called Numbas, and it’s focused on assessing mathematics. A big part of that assessment involves asking the student to enter an algebraic expression as the answer to a question. How do you decide whether to mark the student’s answer as correct or not? Historically, there have been two approaches, given a representative “correct” expression written by the teacher:

  • Put the student’s answer and the correct answer into a canonical form. If their syntax trees are exactly the same, then the student’s answer is the same as the teacher’s. This is the model used by, for example, STACK.
  • Identify the variables used in the student’s answer and the teacher’s. Pick a few random numbers as values for those variables, and evaluate both expressions. If they come out to the same number, then the student’s answer is the same as the teacher’s. This is the model used by systems in the CALM line.

Read more…