Scripts were not getting published. So, I couldn't put the source code of MySpace worm and it's how to...So, after my exam this scripts will be here ;-)
Wednesday, November 01, 2006
Tuesday, October 31, 2006
How to become a hacker
So, I'll let you in on the secret. Here are the steps to becoming a hacker:
1. Download the source code to the program you want to change
2. Untar it on your hard drive
3. Get it to build and run
4. Open the source code in an editor
5. Find the part of the code that you need to change to make the program do what you want it to do
6. Make the changes you need to make to the code and test it to make sure it works
7. Run the diff -u command and email the output to the mailing list
That's it; follow those instructions and I guarantee you will be a hacker.
If there are no programs that you want to change, then maybe you don't want to be a hacker after all. Or maybe you haven't used software enough; how can you be a software user in 2005 and not have things you want to change?
Steps 1-4 sound stupid and obvious, but the fact is most people get stuck on step 1. Can you be a hacker if you don't have any source code on your computer? It might be possible but I haven't seen it done.
If you bloody your toes on step 3 a few times, don't be discouraged. It is ridiculous and humiliating but sometimes this step takes the longest and is the most difficult.
If you're lucky, step 5 is as easy as grepping the source tree for some relevant string from the program's GUI or output. It's more likely that you'll need to spend some time figuring out the layout of the code, sprinkling source files with printf's as you home in on the right area. It might also help to step through things in a debugger.
Step 5 gets easier the more experience you have. The more code you've read, the more programming patterns you know. Recognizing programming idioms makes it easier to figure out what someone else was thinking when he wrote the code you're trying to change. Of course step 5 is also easier if the software you're working on was written by a programmer with a lot of experience, who tries extra hard to write easy-to-understand code. Programmers with experience write easier-to-read code because they've been through the shock of having to fix a bug in code they wrote a year earlier and recognizing nothing.
Step 6 is commonly referred to as "hacking" but it's not always the part that takes the longest. If you're trying to hack a change into something big and complex, expect step 5 to eclipse step 6 in time consumption. One of the best hackers at Novell recently spent two months working on a hack involving Wine that ended up being a two line change. So prepare yourself mentally to spend a lot of time in step 5 before you reach step 6, and sometimes to go back from 6 to 5 a few times.
But most people don't reach this point, so if you're at step 6 you can safely call yourself a hacker. Whole books are written on how to do a good job of step 6, so I won't elaborate too much here, except to say that you probably can't be good at writing code until you've written a huge amount of it.
The real key to being a hacker is getting to the point where you're hacking. Without source code, a working build and a working knowledge of the layout of the code, you're not even able to start hacking. But once you know your way around in there and you're writing code and watching the program take shape, well, that's the fun part.
You just gotta get there.
Monday, October 30, 2006
Google Web Accelerator: Hey, not so fast - an alert for web app designers
Google’s web accelerator seems like a good thing for the public web, but it can wreak havok on web-apps and other things with admin-links built into the UI. How’s that?
The accelerator scours a page and prefetches the content behind each link. This gives the illusion of pages loading faster (since they’ve already been pre-loaded behind the scenes). Here’s the problem: Google is essentially clicking every link on the page — including links like “delete this” or “cancel that.” And to make matters worse, Google ignores the Javascript confirmations. So, if you have a “Are you sure you want to delete this?” Javascript confirmation behind that “delete” link, Google ignores it and performs the action anyway.
We discovered this yesterday when a few people were reporting that their Backpack pages were “disappearing.” We were stumped until we dug a little deeper and discovered this Web Accelerator behavior. Once we figured this out we added some code to prevent Google from prefetching the pages and clicking the links, but it was quite disconcerting.
This wouldn’t be much of a problem on the public web since it’s pretty tough to be destructive on public web pages, but web apps, with their admin links here and there, can be considerably damaged. If you have a web app, it might be worth returning a 403 when the HTTP_X_MOZ is set to “prefetch” header is sent. This will keep Web Accelerator from clicking destructive links.
(found this article from some url)
Cross-Site Scripting Worm Hits MySpace
With the advent of social networking sites, becoming more popular is as easy as crafting a few lines of JavaScript code, it seems.
One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
How did Samy transcend his humble beginnings of only 73 friends to become a veritable global celebrity? The answer is a combination of XSS tricks and lax security in certain Web browsers.
First, by examining the restrictions put into place by MySpace, Samy discovered how to insert raw HTML into his user profile page. But MySpace stripped out the word "javascript" from any text, which would be needed to execute code.
With the help of Internet Explorer, Samy was able to break the word JavaScript into two lines and place script code within a Cascading Style Sheet tag.
The next step was to simply instruct the Web browser to load a MySpace URL that would automatically invite Samy as a friend, and later add him as a "hero" to the visitor's own profile page. To do this without a user's knowledge, the code utilized XMLHTTPRequest - a JavaScript object used in AJAX, or Web 2.0, applications such as Google Maps.
Taking the hack even further, Samy realized that he could simply insert the entire script into the visiting user's profile, creating a replicating worm. "So if 5 people viewed my profile, that's 5 new friends. If 5 people viewed each of their profiles, that's 25 more new friends," Samy explained.
It didn't take long for friend requests to start rolling in - first in the hundreds, then thousands. By 9:30pm that night, requests topped one million and continued arriving at a rate of 1,000 every few seconds. Less than an hour later, MySpace was taken offline while the worm was removed from all user profiles.
Samy says his intentions weren't malicious, but expressed concern that MySpace, which was purchased by News Corp. in July for $580 million, wouldn't see it that way. Company officials have not contacted him, but his account was deleted.
"My primary motivation was to make people laugh. I wanted a few friends to have my name appended to their list of heroes, including some of their own friends whom I don't know directly," Samy told BetaNews in an e-mail interview. "Me, a hero? That had to be the funniest joke people have heard in a while. Well, a lot more people heard it than I had really wanted."
Still, aside from remnant "samy is my hero" text strewn across the Internet's fifth largest Web site, the end result could end up positive.
The worm has piqued the interest of a number of security professionals who say XSS is a major problem that many companies overlook. Google employee Evan Martin even broke down the worm's AJAX code on his personal Web log.
"Found in over 90 percent of Web sites, Cross-Site Scripting vulnerabilities are by far the most common security issue," Jeremiah Grossman, co-founder and CTO of WhiteHat Security, told BetaNews. "The incident with MySpace illustrates the dangers presented by XSS vulnerabilities and underscores the importance for organizations to fix these issues."
"Those who do not, especially the on-line financial institutions and community Web sites, are prime targets," added Grossman. But Samy noted that MySpace isn't the only party to blame for the vulnerability, stating that browser makers also need to do a better job with security.
"MySpace has always properly filtered out valid JavaScript indications," Samy said, "however it was due to browser leniencies that allowed me to still get JavaScript to execute."
Thursday, October 26, 2006
English Auction
Most people who have ever attended or taken part in an auction have experience with English auctions. For those in the United States, these are the most common types of auctions and are generally the type that third-party auction sites most often use. While this type of auction may seem to be the most simplistic, it can be more complicated and may not always be the best choice for sellers.
In an English auction, an item is placed up for bid and the seller generally sets a reserve price. The reserve price is the minimum selling price for the item and is generally not known to bidders. That does not mean that bidding will begin at the reserve price. Sometimes these auctions begin below the reserve price and if that reserve price is not met, then the item is not sold and the transaction is not completed.
After the reserve price is set, bidding begins at a price determined by the seller and increases in previously specified increments. With online auctions, either the seller or the auction site will set the length of time the auction will last. When the auction ends, the highest bidder is named the winner (if his bid is higher than the reserve price) and he pays his the price he bid. For example, a seller may have a used computer up for auction. He may set the reserve price at $100 and may start bidding at $50. Additionally, he decided to raise bids in $5 increments and to allow the auction to go on for 14 days. Bidder A bids $100, Bidder B bids $105, and Bidder C bids $150. Bidder A then places a second bid for $160 followed by a second bid from Bidder B for $175. When the bidding ends fourteen days later, Bidder B is the winner and he pays $175 for the used computer.
English online auctions can also be further complicated by sniping and by proxy bidding. Sniping is the practice of waiting until an auction is almost over and placing a higher bid. Generally, snipers have been watching the auction for a number of days but refrain from placing a bid because they do not want to drive up the price by expressing interest. Proxy bidding is the ability to set a maximum bid amount in order to continue bidding even when not present or taking an active part in the auction. For instance, Bidder A may place a maximum bid of $125 and a current bid of $100. Technically, this Bidder A has bid $100. If another Bidder B places a bid of $115, then the Bidder A remains the high bidder but he his actual bid would go up to $120. If Bidder B placed a bid for $130, then Bidder A would be outbid and would have to place a new bid in order to continue participating in the auction. Sniping and proxy bidding add in the need for further strategy. Bidders who get into the auction early must try to determine the maximum price the item will reach and must keep in mind the possibility of losing out to a last minute sniper.
esides these complications, English auctions are not always the best bet for sellers. The price for the item is usually increasing in small increments and the bidding is open so that everyone involved can see the current bids (not the maximum proxy bids, which are kept sealed). Consequently, bidders generally try to work hard to keep the prices lower so that they can purchase the item below its value. When this happens, the seller ends up earning less on the item than they may have realized if another type of auction logic was employed.
On the other hand, English auctions have often caused bidders to become overly enthused by the activities and to bid even more than the value of the item. Paying more for an item than it's value is known as the Winner's Curse. The bidder»s desire to win the auction and/or to beat the competition is such a motivating factor in these instances that many bidders do go far beyond an item's value. The end result, of course, is a greater profit for the seller. However, sellers do not always benefit from the Winner's Curse and other related phenomenon. In many cases they can receive better results by opting for a traditional Dutch auction, which uses a descending-price structure along with open bidding.
Dutch Auction
Typically, when people think of an auction, they think of either a numbers of bidders all competing and raising the price until one person wins and ends up paying the highest bid. The reality is that this is just one type of auction. For example, there are second price auctions in which the bids are sealed from all of the bidders and the winner actually pays the highest losing price. Dutch auctions are another variation on what is considered a traditional auction. These Dutch auctions are so-named because they have been used for centuries in Holland as ways for produce and flower vendors to sell their goods. In more recent times, sellers of fish, credit, and a wide variety of other items have used this auction version to sell their products.
In a Dutch auction, a seller offers up an item for bid at a very high price. The initial price is much higher than the item's value usually and no seller expects to get that price for the item. Because bidders must know the amount of the bids, bids are not sealed as they are in some types of auctions. The price is lowered in increments until a bidder chooses to accept the current price. He pays that price for the item as the winner. For example, if a business is auctioning off a used company car, the bidding may start at $15,000. The bidders will wait as the price is lowered to $14,000 to $13,000 to $12,000 to $11,000 and to $10,000. When the bidding reaches $10,000, Bidder A decided to accept that price and he because he is the first bidder to do so, he is considered the winner and has to pay $10,000 for the automobile.
Like second price auctions, Dutch auctions can also be used quite easily for selling multiples of the same item. For instance, if the business was selling three cars, Bidder A may have purchased the first at $10,000 but that wouldn't stop the auction. The price would continue to decrease. So it might go down to $9,000 then to $8,000 and Bidder B might choose to accept that price, so he would pay $8,000 for his car. Since one car is still available, the price continues to be lowered. At this point, the bidders would begin to get anxious since only one car is left. Bidder C would wait until the price went down to $6,000 and then he would make his move and would end up paying $6,000 for the automobile.
While the above example may make it seem like the seller could be losing money in a Dutch auction, the reality is that they generally make more than they would with a more traditional ascending-price auction. With an ascending-price auction, the bidders do raise the price but rarely will they raise above the item's actual value. They have no reason to act fast because they know exactly when the auction will end, and they can always sneak in at the last second with a slightly higher bid. In a Dutch auction, however, bidders must act fast because they have no idea when the auction may be over. So even though the price is being lowered instead of increased, bidders will end up paying at or even above the item's value.
One of the only problems with Dutch auctions has nothing to do with the auction logic itself but with a common area of confusion. The financial world and some third-party auction sites use the term »Dutch auction» when they refer to second price auctions. In truth, there is a huge difference between the two types of auctions. Second-price auctions are auctions in which the winners pays either the price of the lowest winning bidder or the price of the highest losing bidder. The confusion in the terms can be problematic for individuals interested in getting involved in either type of auction, so it is important to clarify which type of logic will be used before participating.
Depending on what individuals have to sell and how much money they hope to earn as a result of a successful auction, Dutch auctions can be an ideal alternative to more traditionally used approaches. The descending-price structure of these auctions increases competition among bidders and makes acting fast a necessity. Bidders just need to be sure that they are participating in a real Dutch auction, not a misnamed second price auction before getting started.
Sunday, October 22, 2006
The Art Of Making Animated GIFs
Here's a guide that will take you each step towards making easy animated gifs in a matter of few minutes.
My artistic ego got a boost and took a front seat when a friend of mine insisted that I make some animated gifs for his project. After rummaging around on the Net for a couple of minutes, I came across the latest version of Easy GIF Animator; one of the easiest ways to make animated gifs. And to prove that point, here's a guide that will take you each step towards making easy animated gifs in just a few minutes.
The application
As aforementioned, we'll be using the Easy GIF Animator 3.5 for this guide. The 20-usage trail version is available for download here. I suggest you install the software first so that you can try making gifs as you go through the article. The installation takes a couple of minutes and is pretty simple.
Features at a glance
Easy to use software for creating and editing animated GIF images, animated pictures, banners, and buttons.
Support for all types of GIF animation and provides good image compression.
Edit and modify animated GIF images.
Create moving text effects.
Optimize animated GIF images so they take less space and load faster.
Preview GIF animation in web browser.
Manage animation frames and set animation loop count and frame duration.
Extract separate animation frames.
Convert GIF animation to grayscale.
Edit animated GIF palette.
Reverse GIF animation or a portion of it.
Export GIF animation to AVI format.
Generate HTML code for publishing animation on the Web.
Get, Set, Go!! 
The welcome screen gives you an option that allows you to create a new animated gif banner for web pages or just edit an existing animated gif.
Let's start with making a simple animated gif image. Before proceeding further, I suggest that you prepare few image files, which you will use to create your animation. It is recommended that they all have the same dimensions.
Click the Insert Picture Frame icon if you want to insert a picture directly or the Insert Blank Frame icon if you want to manually create a design on your own.(GIF Animator 3.5 uses MS Paint as the default frame editing application, but you can specify any other application of your choice as well.)
That's how the window looks after you've inserted picture frames.
Selecting any single frame will give you its Frame and Animation options.
The Animation properties allow you to either repeat the animation indefinitely or set the number of times it will be repeated.
One can resize the entire animation and scale up or scale down the image dimensions. This may not be as cool as it sounds as it simply degrades the quality of the pictures.
You can also optimize the entire animation so that you can save on size of web pages you want to upload the gif on to.
Incase, you want the frames to move in a particular way one after the other, you can use the Transition settings to do the needful. It provides PowerPoint-like options to give various transition effects to a single or multiple frames. 
The Convert to Grayscale option transforms all the frames in the file to Grayscale.
The Preview option on the top right of the edit window lets you see the resulting animation before you save it. Also, GIF Animator allows you to preview the gif in a browser window as well.
As far as saving goes, you can save the entire set of frames as a single gif animation or export any single frame. One can also export the animation to a .AVI file.
That done, you can generate the HTML code for the gif with just a few clicks and then copy-paste the code to your webpage script.
Well, that was our dope on how to create your own animated GIFs. The same goes for banners as well. Now, let's see how to make buttons.
The create button wizard guides you through the entire process with considerable ease. 
First, select the shape for the button. You can select ready sizes or templates that are available with GIF Animator. You can also include a set of your own templates to do the job.
A small frame at the bottom of the window gives you a preview of how the button looks at every stage.
Next step is to select the size, background, and border of the button that can be done very easily. Check the screenshots below.
This is followed by the part where you give a caption to your button. Here, you have the option of giving up to three captions to the button that cycle through one after the other in the set duration.
That done, we are transported back to the main window that will allow us to change any part of the frames we want as well as change the animation and frame setting. Again, real-time preview as well as web page preview is available.
Well, that's one of the quickest and easiest ways of making animated GIFs, banners, or buttons for your web page. I must say, if you want pro-like features or quality, the Easy GIF Animator is not for you. This one's for all those creative geniuses who don't have the time or energy to learn ultra high-end professional software for a couple of gifs or buttons here and there. I am sure this guide will set you in the right direction.
Coming Soon: Rival to Wikipedia
According to reports, Larry Sanger, co-founder of Wikipedia, and the site's former editor-in-chief, is launching a rival site called "Citizendium".
"Citizendium" aims to weed out biased or incorrect information and obscenities by creating user registration and editorial controls, in contrast to the more open submission process at Wikipedia. Besides, the site will be an invitation-only one for experts in various fields.
According to Sanger, "Citizendium" will initially start with replicating the database of articles on Wikipedia, which uses open-source code. It will then evolve into a new encyclopedia as expert participants post their material.
Sanger pointed out that there are a number of problems with Wikipedia that can be solved, and that by solving these, they can end up with an even bigger and better encyclopedia.
A test version of "Citizendium" to be launched this week in Harmon, California, will deploy experienced editors and subject authorities to tune information submitted by Web surfers.
Sanger said that by engaging expert editors, eliminating anonymous contribution, and launching a more mature community under a new charter, a much broader and more influential group of people and institutions will be able to improve upon Wikipedia's extremely useful, but often uneven work.
And in an attempt to discourage mischievous postings, Sanger said that "Citizendium" would require members to register their real names before they write for the online encyclopedia.
Meanwhile, "Citizendium" will be open within the next few days to a limited number of invited editors and members of the public who apply, and will be made generally available by the end of the year.
Google Gadgets for Your Webpage!
Now, with "Google Gadgets for your Webpage," users can make their Web sites look more dynamic and content-rich.
Google Gadgets, a tool previously available to users for adding to their personalized Google homepages and Google Desktops, is now available to Webpage owners to add to their own Web sites.
Google Gadgets are actually miniature-sized objects that offer cool and dynamic content that can be placed on any page on the Web.
According to Adam Sah, architect, Google Gadgets, "Now anyone can have a great-looking Web site with automatically updating content. By making Google Gadgets available for users to add to their Webpage, we are working to connect developers with enthusiastic consumers, and to make information universally accessible and useful to individual users."
Google Gadgets allow Webpage owners to add complex, dynamically updating content to their own Web sites, with almost no effort, and at no cost. Users have an enormous variety of around 1,220 Google Gadgets, including games, news clips, weather reports, maps, sports, business, and more to choose from, providing the freedom to select only those gadgets that best complement their page.
Google Gadgets are small bits of code that function as dynamic applications when installed on a Web page.
To add a gadget to their Webpage, users have to visit the directory of "Google Gadgets for your Webpage" and find gadgets that they would like to add, and then select the preferences for the appearance of the gadget on the page. After this, users need to copy and paste the HTML code from the window onto the HTML code for their Web sites.
To distinguish these new Web-based programs from Desktop Gadgets; Google has dubbed them "Universal Gadgets". By contrast, Desktop Gadgets are designed to run only on Google sites, or on users' computer desktops.
Saturday, October 21, 2006
First time not at home on Diwali :-(
Today is Diwali. My favourite festival. Home beckons. But, what m I doing? Staying back in my hostel. Till yesterday it was something like I can manage without going home. But now even before the evening has come, I feel sickening. It's for the first time I am not at home on Diwali or is it the beginning of never being at home on Diwali henceforth? Given that I'll be moving to South India few months from hence, the second one is more likely. Yesterday morning dad gave me a call. He wanted to know when I am coming. When I refused to come, it was mom who was pressurizing. "I'll not make anything if you don't come", she said. Now, that is so...grrr. It's the time when everyone enjoys, there are lotsa sweets and delicacies and she says she won't make anything if I don't come. Anyways, I convinced them by saying, "I have exams 2 days after Diwali". Now, you all don't think that I was lying. I do have exams. So, they gave up. But, now I am feeling sick. Mom's sweets, my lovely younger brothers' happiness and all the joys involved in Diwali, I am missing them all. Waiting to get a call from Dad. Miss you.
Wednesday, October 18, 2006
Subscribe to:
Posts (Atom)
