This last week saw SIGGRAPH 2010 in Los Angeles, sunny California. It was there that I gave my first talk at a real conference. One request that I had not anticipated was for the slides from the talk, and so I post them here now.

Pending some red tape resolution, I hope to post the live-working demos soon. Until then, I hope that this video from the original conference submission will whet your appetite!

For those particularly curious, feel free to contact me or refer to the abstract.

Tagged with:
 

Several months ago, I was given credentials to download a piece of software, and I needed to download another copy only to find that I had forgotten the password. I anticipated it would take quite a while to email the people in charge, and on a whim I decided to take action. Right click, view source.

To my surprise, all the authentication was done in JavaScript, though in all fairness it was “encrypted.” I’ve changed the underlying keyphrase in a code example, and I pose a small puzzle – find the password.

You may find jconsole helpful.

var pass = new Array()
var t3 = ""
var lim = 8                       // number of password characters that get compared
pass[0] = "fE13Cw9emtKIg1F"
pass[1] = "wKTuZEy387Im8b2"
pass[2] = "3NKevEgjpWWwmSE"
pass[3] = "CryO6BmP9XpUlke"
pass[4] = "8R4Gf2sgs5Xs5KI3"
pass[5] = "62GZJ9Dzc2y8lBTU"

var extension = ".html"
var enablelocking = 0
// alphabet used to turn characters into numbers and back again
var numletter = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
var temp3 = ''
var cur = 0
var phase1 = 0                    // set in submitentry() before testit() is called

// Returns the first character of one pass[] entry; the index is hidden
// behind arithmetic that always works out to the same value.
function max(which) {
    return (pass[Math.ceil(which) + (3 & 15)].substring(0, 1))
}

// Transforms a single typed character into another character of numletter
// by XOR-ing its position with a two-digit number read out of pass[].
function testit(input) {
    var temp = numletter.indexOf(input)
    var temp2 = temp ^ parseInt(pass[phase1 - 1 + (1 | 3)].substring(0, 2))
    temp2 = numletter.substring(temp2, temp2 + 1)
    return (temp2)
}

// Called on form submit: transforms the typed password character by
// character and compares the result against one of the pass[] entries.
function submitentry() {
    t3 = ''
    var verification = document.password1.password2.value
    phase1 = Math.ceil(Math.random()) - 6 + (2 << 2)
    var indicate = true
    var i
    for (i = (1 & 2); i < window.max(Math.LOG10E); i++)
        t3 += testit(verification.charAt(i))
    for (i = (1 & 2); i < lim; i++) {
        if (t3.charAt(i) != pass[phase1 + Math.round(Math.sin(Math.PI / 2) - 1)].charAt(i))
            indicate = false
    }
    if (verification.length != window.max(Math.LOG10E))
        indicate = false
    if (indicate)
        alert("Correct password.")
    else
        alert("Invalid password. Please try again")
}

You can also get it in a testable html page.


Your Introduction to RSS

I recently told my grandmother and cousin-in-law, Wess, about RSS feeds, and both of them said they had been wanting something like RSS for a long time. I told them a little bit about how it’s implemented and what it means, but I wanted to put together a quick-and-dirty introduction to RSS.

RSS stands for “really simple syndication,” and it’s a list of current items on a website. When new items are added to that website, the RSS feed, as it’s called, gets updated with the new information. You read your various feeds with a client, which keeps track of which items you have seen and which you have not, and tells you so. In this way, you can keep up with the current content on a multitude of websites without visiting each explicitly – the news comes to you.

First you’ll need a client. For Mac, I’d recommend NetNewsWire, which you use in conjunction with your NewsGator account. NewsGator actually has an online client that is synchronized to your desktop client, and it’s pretty useful for when I’m not on my personal machine. For Windows, About.com has compiled a list of their top 10 clients.

From there, you’ll make the rounds to your favorite websites and look around until you see the RSS feed logo or the words “RSS Feed.” When you click on it, you’ll be taken to a URL that is the feed itself. You add this URL to your client by creating a new subscription and pasting it in. For example, the feed on my website is http://dan.lecocq.us/wordpress/feed/.

Once you’ve added all of your most-visited sites, you can begin using your client as you would say, an email client – reading all the new items as they’re delivered to you.

That, essentially, is the long and the short of it. If I’ve left out points or there’s something you think I should add, I’d encourage some discussion in the comments.


Injection Attack

For those of us familiar with SQL, we’re almost certainly familiar with SQL injection attacks. We’ve talked about them in class, and maybe the more nefarious of us have even tried it on a form or two. There are vulnerable ones out there – I remember having to tell an experienced programmer about sanitizing his form input. If you’re reading this, you know who you are.

For those of you who don’t know about SQL injection attacks, the long and short of it is that input submitted through a form ends up being interpreted as SQL and executed. So, for example (see the comic link below), such input might delete records or insert malformed ones. A simple, well-formed request to insert a comment might be:

INSERT INTO `comments` (`name`, `comment`) VALUES ('Bob', 'My comment');

If Bob’s comment has a quote in it, though, and you haven’t sanitized the input, you’ll get something that doesn’t make any sense to the interpreter:

INSERT INTO `comments` (`name`, `comment`) VALUES ('Bob', 'It's my comment');

If Bob were feeling malicious, part of his comment could be an entirely new command that the interpreter would deem valid. If his comment were "Haha suckers!'); DROP TABLE `comments`;", then we’d get two well-formed commands that would get executed:

INSERT INTO `comments` (`name`, `comment`) VALUES ('Bob', 'Haha suckers!'); DROP TABLE `comments`;');

This, as you can imagine, is not desirable. So, part of sanitizing input is to escape the characters the interpreter would otherwise treat as syntax (here the single quote), so that the whole comment stays inside the string literal:

INSERT INTO `comments` (`name`, `comment`) VALUES ('Bob', 'Haha suckers!\'); DROP TABLE `comments`;');
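To make the difference concrete, here is an added example (not code from the post) that runs the statements above against an in-memory SQLite database using Python’s standard sqlite3 module. It inserts Bob’s comment three ways: by pasting it into the SQL text as the vulnerable form does, with the quote escaped, and with a parameterized query, then reports whether the comments table survived. Both comments and the table layout are constructed from the post; the helper names are this example’s own.

```python
import sqlite3

# Inputs taken from the post: a harmless comment with an apostrophe, and Bob's.
PLAIN_COMMENT = "It's my comment"
BOB_COMMENT = "Haha suckers!'); DROP TABLE `comments`;"


def fresh_db():
    """In-memory database with the comments table from the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (name TEXT, comment TEXT)")
    return db


def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'comments'"
    ).fetchone()
    return row[0] == 1


def stored_comments(db):
    return [r[0] for r in db.execute("SELECT comment FROM comments ORDER BY rowid")]


def insert_unsafe(db, name, comment):
    """The vulnerable pattern: user text becomes part of the SQL grammar.

    executescript() is used because it runs every statement in the string,
    which is what a connector that allows stacked statements would do.
    sqlite3's execute() would reject the second statement, but even then
    the apostrophe in a perfectly innocent comment breaks the query.
    """
    sql = "INSERT INTO comments (name, comment) VALUES ('%s', '%s');" % (name, comment)
    db.executescript(sql)


def escape_literal(text):
    """Standard-SQL escaping: double every single quote. The post shows the
    backslash form, which is MySQL-specific; doubling works on every engine."""
    return text.replace("'", "''")


def insert_escaped(db, name, comment):
    sql = "INSERT INTO comments (name, comment) VALUES ('%s', '%s');" % (
        escape_literal(name), escape_literal(comment))
    db.executescript(sql)


def insert_parameterized(db, name, comment):
    """Preferred: the driver sends values separately from the statement, so
    no character in the comment can change the statement's structure."""
    db.execute("INSERT INTO comments (name, comment) VALUES (?, ?)", (name, comment))


def run(insert_fn, comment):
    """Insert one comment with the given strategy and report
    (table still exists, stored comments or None, database error or None)."""
    db = fresh_db()
    error = None
    try:
        insert_fn(db, "Bob", comment)
    except sqlite3.OperationalError as exc:
        error = str(exc)
    exists = table_exists(db)
    return exists, (stored_comments(db) if exists else None), error


if __name__ == "__main__":
    for label, fn in (("unsafe", insert_unsafe),
                      ("escaped", insert_escaped),
                      ("parameterized", insert_parameterized)):
        print(label, run(fn, BOB_COMMENT))
```

With the unsafe insert the table is already gone by the time the trailing `');` raises a syntax error, so the error message is not the safety net it looks like. Escaping does contain the payload, but it has to be applied to every value, every time, with the rules of the particular database; parameterized queries remove that burden, which is why they are the usual recommendation.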

At any rate, a few months ago, I actually had an attempt more or less ‘caught on tape’ in the comments section of my blog. I got an email that there was a new comment awaiting moderation, and it was this:


Bill164415140′,’311521868billy@msn.com’,”,’30.68.179.4′,’2008-03-12 16:12:16′,’2008-03-12 16:12:16′,”,’0′,’lynx’,'comment’,'0′,’0′),(’0′, ”, ”, ”, ”, ‘2008-03-13 16:12:16′, ‘2008-03-13 16:12:16′, ”, ’spam’, ”, ‘comment’, ‘0′,’0′ )

Not exactly the most harmful stuff. Still, it was nice to see an attempt in the wild.

Another good example is this xkcd comic.


Nintendo DS Browser

I am actually writing this post from my Nintendo DS. Though I originally got the DS to use with a Kanji dictionary cartridge, since I had it laying around, I thought I’d drop the $30 to let me surf the net with it. That said, I had heard mixed reviews about the Opera web browser for DS, but most complaints were from people looking to play Flash games on the ‘net or people expecting Firefox on something like this.

Although it doesn’t boast the fastest browsing around, I’m liking it very much so far. Late nights in bed trying to recall the details of the Ford-Fulkerson algorithm can be settled earlier with a bedside visit to Wikipedia from my new toy. I envision myself taking this places where I don’t want to lug around a laptop (read: coffee shops), but I may have to look something up on Google or Wikipedia to verify a friendly bet.

It is, however, a little cumbersome to write a post or e-mail like this.

Addendum:
I thought it might be useful to show some sites with which I’ve had success, and which ones flounder.

Facebook – yes; a little finicky
Gmail – yes; no hitches
Google Reader – not yet; trying to tweak
Meebo – no; definite no
Lifehacker – yes; looks good, too
Wired – yes; slow to open, though
Google Search – yes
Google Maps – no :-(
Instructables – no
Yahoo Maps – yes; I miss Google


Tonight Around 6:20

Apparently Google is increasing storage at a faster rate – a rate which will put our Gmail storage at 6 Gb by January 2008. I personally enjoy signing into Gmail every day and taking a glance at their storage counter.

Like passing a 10k mile mark on your car, who doesn’t get a kick out of seeing lots of 9s turn into lots of 0s? I’ve been waiting for the 3000 Mb mark for a while, and with the new rate, it’ll be happening tonight around 6:20 Mountain Time. Would it be nerdy to actually go to my computer and visit the site just to see it turn? Maybe. I’ll post screen shots if I’m nerdy enough and victorious.

I’m now accepting bets on whether or not confetti will fall from the ceiling when it hits 3 gigs.


First!

A very funny clip epitomizing forum life on the web. Via 43 Folders


Moving

I’ve been moving my blog around a lot, but it will have the following resting place for the next two years (I own the domain for at least that long): http://dan.lecocq.us/wordpress


Shoeboxed

I read about Shoeboxed today on Lifehacker, and have been trying it out. Up until this point, I really do keep physical receipts in a shoebox or binder (and probably still will) and have been tagging e-mailed receipts as such in Gmail, and then archiving them. That was all fine and dandy, but it’s nice to have something that’s built just for that. I took all my old Gmail-stored receipts from such various places as Basegear.com and Potion Factory, and it recognized them as receipts without a hitch and found the right amount in the e-mail. Well-done Shoeboxed.

It reminds me of a service called KeyFiler which lets you store your registration keys for software, etc. in a safe, secure and accessible place.
