ASCII Art Pony

Isn't that cool?

       /'  .-.  /*;;
     .'    \d    \;;               .;;;,
    / o      `    \;    ,__.     ,;*;;;*;,
    \__, _.__,'   \_.-') __)--.;;;;;*;;;;,
     `""`;;;\       /-')_) __)  `\' ';;;;;;
        ;*;;;        -') `)_)  |\ |  ;;;;*;
        ;;;;|        `---`    O | | ;;*;;;
        *;*;\|                 O  / ;;;;;*
       ;;;;;/|    .-------\      / ;*;;;;;
      ;;;*;/ \    |        '.   (`. ;;;*;;;
      ;;;;;'. ;   |          )   \ | ;;;;;;

Browser Security: Passwords are not protected at all...

Firebug to the rescue

As a developer, I use tools that allow me to find out whether my code works as expected. This tool, Firebug, allows me, among other things, to look at a browser DOM and the content of all the variables.

Log In Page Safe!

The other day I went to a page that asks for your login name and password. The page looks proper and the password, as expected, is hidden from prying eyes while you type it. In other words, it shows bullet points for each character that you type. Perfect.

Phone Call Distraction

Now... imagine that I start typing my user name and my password, then ...

Learning more about convert from ImageMagick

As I often scan documents that in the end I want to get in Black & White and cropped, I decided to look at the capabilities of the convert command line tool so I wouldn't have to manually change those images.

With the Gimp I can load the image, crop it to only what I want to keep, then convert the page to black and white. However, to get a valid black and white image, you want to first apply a filter that looks like this:

Filter to prepare image for monochrome conversion.

This is done using the following convert command line option:

-level 55%,71%,1.0

This tells the convert tool to change all colors that have a level of 55% or ...

JavaScript Inheritance

JavaScript objects can inherit from others using the Object.create() function as follows:

function A()
{
    // some initialization
}

A.prototype = {
    var_name: "some value",

    func_name: function()
    {
        // some implementation
    }
};

function B()
{
    // some initialization
}

// make B inherit from A (the new prototype chains to A.prototype, not to the function A itself)
B.prototype = Object.create(A.prototype);

Unfortunately, that prevents you from using the object declaration to extend B. Now you have to assign each member individually, using = value or = function.

Internet Security, or lack thereof...

As I was looking around, I was given a link to this tool called sslstrip. Looking closer, I could see that the guy had a point, really! That is, his method works. Not only that, as you can see in the video, running the system for a day you can get the content of POST requests of over 100 passwords, credit card numbers, etc. with a single computer.

Although this requires you to have access to a local network to start the man-in-the-middle attack, it looks quite simple to hack a so-called secure website.

A few years ago, it was as simple as adding a certificate in the chain (duh!) and you ...

Nearly 1,000 attempts to create a user account...

As I was looking at the number of users trying to create an account on one of my websites, I noticed that the reCAPTCHA counter was at about 950. This means that this one single robot tried that many times, in the last 2 weeks alone, to create an account on our website.

Robots try to do that because with an account they may then be able to add content to the website. You can imagine the type of content they're interested in adding...

Noticing that, I decided that enough was enough, and I wrote a small script that detects such attacks and blocks those IP addresses in the server firewall. ...

How common are bad passwords?

As I was looking for a hacker site that would offer a complete list of passwords, I found a page that showed the top 25 passwords used on common websites such as Facebook and Twitter, and even email systems like Yahoo! or GMail.

The Unix File System -- a Gotcha?

A Powerful File System

When handling files under Unix, you have a mechanism which is completely different from the file system available under MS-Windows, and most often programmers who are used to MS-Windows will not understand one of the most powerful features of a Unix file system.

Each file is assigned what is called an inode. When a file is being accessed, its inode gets locked (a simple resource reference count), and once done with it, it gets unlocked.

While being locked, the file can get deleted. If that happens, the file disappears from the file system (i.e. an ls command does not ...

The MySpace Worm

A Website Worm starts with JavaScript that infiltrates other people's browsers and sends information from their computer to you.

There are all sorts of reasons why such an attack would work or not work. Interestingly enough, a stylesheet can include JavaScript when added as a style attribute. At least Internet Explorer understands it when used in a url() as used for a background specification:

<div style="background:url(javascript:alert('Foor'));">

As we can see, the alert shows up when this tag gets loaded. Now you can have that alert appear on someone else's computer ...

Château de Montbéliard

As a kid, one of our teachers asked us to draw the Château de Montbéliard from an old photograph.

The castle was still dirty at the time. It has been cleaned up since and the rock looks white. Something that even the people who built that castle most certainly have never seen!

Château de Montbéliard

This picture won second place. Unfortunately, the kitchen and first palace (center part between the two towers) are not detached from the right tower. My 3D skills were not yet perfect then.

Find a picture of the castle in modern times on Wikipedia.