Thursday, March 30, 2006

Web2.0

Here is a nice article regarding Web 2.0:
The term Web 2.0 shows up a lot in the on-line and in-print press when discussing some of the new web sites on the Internet. Places like Flickr, Blogspot, Wikipedia, 37Signals, and AjAXWrite are just a few web sites that embody the Web 2.0 paradigm.
Read More>> SciTech Watch - Web 2.0

Update:

Web 2.0 is the business revolution in the computer industry caused by the move to the internet as platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them.
Another good explanatory article: What is Web 2.0? Really.

Wednesday, March 29, 2006

Why Ruby on Rails Will Ultimately Dominate Software Development

The new 1.1 version of Ruby on Rails almost seems to drive the final nail into the coffin of .NET and J2EE. Enterprises will take their time but everyone else will start turning out great software. Includes rare video interview with Rails creator and detailed overview of Rails 1.1.

read more | digg story

Tuesday, March 28, 2006

Life without mouse

For those who think that life without a mouse reminds you of the 80's or MS-DOS, I've got a message for you: it really isn't that bad. In fact, whatever you do with the mouse you can do without it, and you can easily learn to use some really great keyboard shortcuts to make your work fast even with a mouse later.
via Lifehacker

Life Without Mouse >> Tips & Tricks [Chrono Tron]

Monday, March 27, 2006

Taking Free Software to the Farmers and Fields of India

FLOSS is behind an Indian Web site that brings together farmers and agricultural experts to exchange ideas and information.

Thanks to work done by the prestigious Indian Institute of Technology (IIT-Bombay) and its partners, IT-savvy and knowledge-hungry people across rural India now can find relevant, demand-driven farming knowledge on the aAqua.org Web site. So far, the site has been a great way to bring together people such as Prasad Kaledhonkar, who has a clue about what the white patterns emerging on tomato plant leaves are; farmer's daughter Niyatee Nilesh, who wants advice on buying agricultural land; and Shirish, from rural Maharashtra, who wants to learn about using waste water from the school kitchen to irrigate gardens and crops. Read More>>

Thursday, March 23, 2006

Little tweaks with javascript : Bookmarklets.

A bookmarklet is a snippet of JavaScript that can be bookmarked (or saved as a favorite) inside your web browser. Bookmarklets can enhance web pages, add special functionality using JavaScript, which is supported by most browsers today, and make your browsing experience a lot more efficient by offering one-click access. I will start with the basics.
Consider a simple piece of JavaScript:

  • javascript:alert('You clicked on the page');
When you type this in the browser's location bar, it will show a message box with the message "You clicked on the page". Now change this slightly:
  • javascript:function ab(){alert("hello") ;};void(setInterval(ab,1000));
Now this will repeatedly pop up the message box at every 1-sec interval. Though this is of no use, I'm just showing it to explain the basics of JavaScript.

Now, filling a form with JavaScript:
  • javascript:function ab() {document.forms[0].login_username.value="someText" ; } ab() ;
This JavaScript will fill the value "someText" into the field login_username of the first form in the HTML page.
And let's try to take some user input:

  • javascript:function ab() {q=document.getSelection(); if(!q) {void(q=prompt('Text :',''))} else alert(q)} ab();
This JavaScript will first check whether some text is selected on the page. If no text is selected, it will prompt the user for text; otherwise it will show a message box with the selected text. Now we can put this script to some good use, like:

  • javascript:function ab(){q=document.getSelection(); if(!q){void(q=prompt('Search Text at My Blog: ',''))} location.href="http://www.technorati.com/search/ "+q+" linux?from=http://burad.blogspot.com "; }; ab();
This will search for the selected text on my blog or, if no text is selected, prompt the user for text.

An equivalent script for searching on Wikipedia is:
  • javascript:(function(){q=document.getSelection(); if(!q){void(q=prompt('Wikipedia keywords:',''))}; if(q) location.href= 'http://en.wikipedia.org/w/wiki.phtml?search='+escape(q)})()
Now you can bookmark this script in the toolbar, so that every time you click on the button in the toolbar it will execute the JavaScript. For example, drag this to your Firefox bookmark toolbar:


Search Burad's Blog
Or for wikipedia
Search Wikipedia

Some more bookmarklets :
Scale Images

Sort Table

Transpose Table

Show Password

So in a way they are different from bookmarks and provide extra functionality through the power of JavaScript. Here are some more JavaScript bookmarklets.
You can view the source of each bookmarklet by viewing the page source.
You can find more bookmarklets at : http://www.squarefree.com/bookmarklets/

See this helpful screencast on bookmarklets.

Some More Example at Wisdombay

Updated: For changing document backgrounds:
Change to Red
Change to green
Change to blue
This may not work with pages using css

Tuesday, March 21, 2006

Rubiks Cube Timer

This is a JavaScript timer made by me, as I needed a timer application on Linux specific to cubing. It also calculates the average of your timings. Will try to add more features.
http://www.aburad.com/cubing/timer.html

Here is a screenshot:

Happy Cubing !!

Monday, March 20, 2006

Splash image in GRUB

The splash image is the image shown in the background when GRUB (the GRand Unified Bootloader) is displaying the list of operating systems you can boot.

Creating image

  1. Start the GIMP.
  2. Click on File->New or type Ctrl+N
  3. In the new image dialog, change Width to 640 pixels and Height to 480 pixels. (The image should be of size 640x480 pixels.) Now click OK.
  4. Create the image which you would like to be the splash image. It's quite fun to experiment with the various tools of the GIMP!
  5. After you have finished creating the image, hit Alt+i or right click on the image and click on Image->Mode->Indexed...
  6. In the Indexed Color Conversion dialog that appears, click on the radio button "Generate optimal Palette" and in "# of colors" enter 14. Click OK. (The image should have only 14 colors.)
  7. Now right-click on the image and click on File->Save As... Save the file as ImageName.xpm in a directory of your choice.
You can also pick up an existing image and convert it to the required format with ImageMagick:
convert -resize 640x480 -colors 14 picture.jpg ImageName.xpm

Installing the Image

  • gzip ImageName.xpm
  • mount /boot
  • mv ImageName.xpm.gz /boot/grub/
In /boot/grub/grub.conf you have to point splashimage to the newly created image, i.e.

# Splash Image
splashimage=(hd0,0)/grub/ImageName.xpm.gz

Now you just need to reboot !!

Here is my boot splash screen. I just added my name and the Gentoo logo:

This is converted to JPEG, as Blogger doesn't support XPM images.




And some others: Some splash images


Updated:
For LILO you can refer to Lilo Boot splash

Saturday, March 18, 2006

Web2.0 Applications


How to write a Makefile

"make is a utility that automates the process of converting files from one form to another, doing dependency tracking and invoking external programs to do additional work as needed. Its dependency tracking is very simple and centers on using the modification time of the input files."

read more

Tuesday, March 14, 2006

Poster of History of Programming Languages

Poster of history of programming languages of 1954-2004.

read more | digg story

Sunday, March 12, 2006

Steganography

A few days back I was taking part in a hacking competition, and one of the cases there was identifying hidden secrets between two identical-looking images. We discovered that by doing a diff on those two images and checking the corresponding ASCII values. Until then I was unaware that it is called steganography. So I just explored it, and here it is.

As from Wikipedia : Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured.

For example, in ancient Rome and Greece, text was traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted to obscure the message - for purposes of military intelligence, for instance - they would use steganography: the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax would then be poured on top of the message, thereby obscuring not just its meaning but its very existence.

The advantage of steganography over cryptography alone is that messages do not attract attention to themselves, to messengers, or to recipients.

Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message - the covertext. Steganographic messages are often first encrypted by some traditional means, and then a covertext is modified in some way to contain the encrypted message, resulting in stegotext.
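The diff approach described above, as an added example that is not part of the original post: it assumes least-significant-bit (LSB) embedding, which the post does not name, and uses a constructed byte buffer in place of real image pixels. All function names are illustrative.

```python
# Constructed "pixel" buffer standing in for the raw bytes of the original image.
COVER = bytes((i * 37 + 11) % 256 for i in range(64))


def embed_lsb(cover, message):
    """Hide message bits (MSB first) in the lowest bit of successive cover bytes."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover is too small for this message")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)


def diff_offsets(original, suspect):
    """Offsets at which two equal-length buffers differ."""
    if len(original) != len(suspect):
        raise ValueError("buffers must be the same length to diff them")
    return [i for i, (a, b) in enumerate(zip(original, suspect)) if a != b]


def max_delta(original, suspect):
    """Largest per-byte change; LSB embedding never moves a byte by more than 1."""
    return max(abs(a - b) for a, b in zip(original, suspect))


def extract_lsb(suspect, n_bytes):
    """Rebuild n_bytes of message from the low bits, 8 carrier bytes per byte."""
    if n_bytes * 8 > len(suspect):
        raise ValueError("buffer is too short for that many message bytes")
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for carrier in suspect[i * 8:(i + 1) * 8]:
            value = (value << 1) | (carrier & 1)
        out.append(value)
    return bytes(out)


if __name__ == "__main__":
    stego = embed_lsb(COVER, b"hi")
    # The diff marks only bytes whose low bit had to flip. Carriers whose low
    # bit already matched the message are unchanged but still hold a bit, so
    # the message is read from the whole region, not just the diffed offsets.
    print("changed offsets:", diff_offsets(COVER, stego))
    print("max per-byte change:", max_delta(COVER, stego))
    print("recovered:", extract_lsb(stego, 2))
```

A diff in which every changed byte moved by exactly 1 is the pattern to look for when comparing a suspect image with a known original.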

Tools can be found here:

More Resources :

A Guide to Understanding /Proc

Many Linux users don't understand how much information the /proc file system provides, this simple guide covers the basics of understanding your Linux computer.

read more | digg story

Monday, March 06, 2006

Sunday, March 05, 2006

Shell Tweaks


Setting Alias :

Aliases are abbreviations for commands or sets of commands. Example:
alias h='history'
Now entering h in the shell will execute the history command.
alias ls='ls -l'
You can set these in .bashrc so that the aliases are set every time you log in.

To delete a previous alias definition, issue the command:
unalias h

Defining Functions :
Functions can also be used to ensure that graphical commands always open in the background.
This can be defined in .bashrc:
function gimp
{
command gimp "$@" &
}
Now every time you run gimp it will load in the background automatically.

Searching history :

history n
This will print the last n commands from the history.
For searching it, CTRL + R can be used.

Directory Name Typos
When changing directory, small typos can be ignored by Bash.
Enable this in .bashrc:
shopt -s cdspell

Bash will cope with each component of the typed path having one missing character, one extra character, or a pair of characters transposed:

$ cd /vr/lgo/apaache
/var/log/apache

Directory Bookmarks
Some directories are changed to more frequently than others.
You can avoid typing their full paths if their parents are in $CDPATH.
Write this in .bashrc:
CDPATH='.:..:../..:dir1:~:~/projects:/var/www/virtual_hosts'
Now if dir2 is in the projects directory, you can do:
cd dir2
~/projects/dir2
It will go to dir2 because of CDPATH.


env lists all environment variables.
Commands to be executed on opening a shell should be written in .bashrc.
Commands to be executed on logout should be written in .bash_logout.
To change the way the prompt looks, you can set the variable PS1.

Updated :
Enhancing the system prompt: change the PS1 variable
More About Shell

CTRL + L will clear the screen
CTRL + T will interchange the last two letters of a command

Some SSH tips

First, connecting to a remote host (although trivial):
ssh username@remote_host_ip
The first time around it will ask whether you wish to add the remote host to the list of known_hosts; to that you have to say yes. But if it asks the same thing again later, the remote server's host key has changed (for example, if SSH was upgraded or the server itself was upgraded). If there was no upgrade on the server side, then this may be someone trying to trick you into logging into their machine instead, so that they can sniff your SSH session.

Now generating a key:
ssh-keygen -t dsa   # here -t specifies the type of key

Generating public/private dsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/localuser/.ssh/id_dsa.
Your public key has been saved in /home/localuser/.ssh/id_dsa.pub.
The key fingerprint is:
93:58:20:56:72:d7:bd:14:86:9f:42:aa:82:3d:f8:e5 localuser@mybox.home.co

The reason to generate a key file is to increase the security of your SSH session by not using your system password. When you generate a key, you are actually generating two key files: a private key and a public key, which is different from the private key. Whenever you connect via ssh to a host that has your public key loaded in its authorized_keys file, it uses a challenge-response type of authentication, which uses your private key and public key to determine whether you should be granted access to that computer. It will still ask you for your key passphrase, though. Now you need to copy the public key to the remote machine (note that this command replaces any authorized_keys file already there):

scp ~/.ssh/id_dsa.pub username@remote_machine_ip:.ssh/authorized_keys

Now if ssh-agent is running on your machine (Most recent distributions will automatically start ssh-agent) then you can do

ssh-add


Now you can try logging into that remote machine again and this time you will notice that it just logs you right in without prompting you for any password or passphrase.

X11 -Session Forwarding

ssh -X username@remote_machine_ip
Now you will be able to transmit window and bitmap information over a network connection. So essentially you can log in to a remote desktop machine and run some X Windows program like Gnumeric, Gimp or even Firefox, and the program will run on the remote computer but display its graphical output on your local computer. If this doesn't work, you may need to edit the file /etc/ssh/sshd_config and change the following:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

TCP Port Forwarding :

You can set up a port forward for your connection from your home machine to arvo.suso.org so that it takes connections to localhost port 3066 and forwards them to the remote side, mysql.suso.org port 3066. For this you can use:
ssh -L 3066:mysql.suso.org:3066 username@arvo.suso.org
The -L (which means Local port) takes one argument of the form local_port:host:host_port, so you specify what host and port the connection will go to on the other side of the SSH connection. When you make a connection to local_port, it sends the data through the SSH connection and then connects to host:host_port on the other side. From the point of view of host, it's as if the connection came from the SSH server that you log in to; in the case above, arvo.suso.org.

Another useful one is for when you are away from home and can't send mail through your home ISP's mail server because it only allows local connections to block spam. You can create an SSH tunnel to an SSH server that is local to your ISP and then have your GUI mail client, like Thunderbird, make a connection to localhost port 8025 to send the mail. Here is the command to create the tunnel:
ssh -L 8025:smtp.homeisp.net:25 username@shell.homeisp.net


Running command over ssh

ssh username@remotehost_ip ls -al /
Then you can process the output however you want using the normal shell conventions

Using SCP
To copy a file to a directory relative to the home directory of the specified remote user:
scp filename username@remote.host.net:some_dir/new_filename

To copy the file back from the server, you just reverse the from and to:
scp username@remote.host.net:some_dir/new_filename filename

For copying a directory:
scp -r dir_name username@remote.host.net:


Updated : http://dag.wieers.com/howto/ssh-http-tunneling/
for more on ssh tunneling

Saturday, March 04, 2006

SQL Attacks : Hacking

Yesterday I was participating in a hacking competition in which at one stage I had to log in on a page, after which I could get to the next level. At first I randomly typed a password; it gave an SQL error, "zero row selected", and incorrect password. So I thought of using SQL string injection. SQL is poor in the security issues surrounding the login and URL strings. So the idea is that you give these values in the login form:
user : ' OR 1=1--
password : ' OR 1=1--

And voila, you are in. The other possible strings for the password are:

  • ' OR a=a--
  • ' or 0=0 #
  • ") or ("a"="a
  • ') or ('a'='a
So what's the idea behind this?
When you click "login" or "enter" on the webpage, the variables 'userid' and 'password' are passed to SQL. The underlying query is:

SELECT * from auth_db where username = '$userid' AND password = '$password'

So if you have entered username = admin and password = test123, the query executed will be:
SELECT * from auth_db where username = 'admin' AND password = 'test123'

So if the userid and password are correct, the corresponding row in auth_db will be selected, and as the number of rows returned is > 0 you will be granted access. But if the password is incorrect, it will return zero rows and permission won't be granted. But if you use SQL string injection, for example by putting ' OR 1=1-- as both username and password, the query executed will be:

SELECT * from auth_db where username = '' OR 1=1--' AND password = '' OR 1=1--'

Because a pair of hyphens designates the beginning of a comment in SQL, the query simply becomes:

SELECT * from auth_db where username = '' OR 1=1

The expression 1=1 is always true for every row in the table, and a true expression or'd with another expression will always return true. So, assuming there's at least one row in the Users table, this SQL will always return a nonzero count of records. So you are logged in now. But in many cases the = character in input strings is parsed and not allowed, hence the trick is using:
' OR userid LIKE '%%

So the resultant query will be:

SELECT * from auth_db where username = '' OR userid LIKE '%%' AND password = '' OR userid LIKE '%%'
Every string matches '%%', so it returns a nonzero number of rows and you are granted access.
Not all SQL injection attacks involve forms authentication. All it takes is an application with some dynamically constructed SQL and untrusted user input. Most SQL-compliant databases, including SQL Server, store metadata in a series of system tables with the names sysobjects, syscolumns, sysindexes, and so on. This means that a hacker could use the system tables to ascertain schema information for a database to assist in the further compromise of the database. For example, the following text entered into the txtFilter textbox might be used to reveal the names of the user tables in the database:
' UNION SELECT id, name, '', 0 FROM sysobjects WHERE xtype ='U' --
The UNION statement in particular is useful to a hacker because it allows him to splice the results of one query onto another. In this case, the hacker has spliced the names of the user tables in the database to the original query of the Products table. The only trick is to match the number and datatypes of the columns to the original query. The previous query might reveal that a table named Users exists in the database. So after this, with multiple queries, you can get control over the database.
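The login query above, built by string concatenation and then with bound parameters, as an added example that is not code from the original post. It assumes an in-memory SQLite database as a stand-in for the site's database, with constructed sample rows; the function names are illustrative.

```python
import sqlite3

PAGE_INPUT = "' OR 1=1--"  # the string quoted in the post


def make_db():
    """Constructed table named after the post's auth_db. Plaintext passwords
    mirror the post's query; real systems store salted password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_db (username TEXT, password TEXT)")
    db.executemany("INSERT INTO auth_db VALUES (?, ?)",
                   [("admin", "test123"), ("o'brien", "s3cret")])
    return db


def login_concatenated(db, userid, password):
    # Same pattern as the post: user input is pasted into the SQL text,
    # so a quote in the input ends the string literal early.
    sql = ("SELECT * FROM auth_db WHERE username = '" + userid +
           "' AND password = '" + password + "'")
    return len(db.execute(sql).fetchall()) > 0


def login_parameterized(db, userid, password):
    # Placeholders keep the values out of the SQL text entirely; quotes and
    # comment markers in the input are compared as ordinary characters.
    sql = "SELECT * FROM auth_db WHERE username = ? AND password = ?"
    return len(db.execute(sql, (userid, password)).fetchall()) > 0


def outcome(login, db, userid, password):
    """Classify one attempt as granted, denied, or a SQL error."""
    try:
        return "granted" if login(db, userid, password) else "denied"
    except sqlite3.Error:
        return "sql error"


def compare():
    """Run the same inputs through both versions and return the outcomes."""
    db = make_db()
    cases = [("admin", "test123"),       # correct credentials
             ("admin", "wrong"),         # wrong password
             (PAGE_INPUT, PAGE_INPUT),   # the post's injection string
             ("o'brien", "s3cret")]      # legitimate name containing a quote
    return [(user,
             outcome(login_concatenated, db, user, pw),
             outcome(login_parameterized, db, user, pw))
            for user, pw in cases]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The last case shows that the concatenated version also fails for an honest user whose name contains an apostrophe, and such SQL errors in application logs are a useful sign that a query is being built from raw input.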

Updated :
Also visit Ten hacker tricks to exploit SQL Server systems
http://us2.php.net/mysql_real_escape_string
http://www.unixwiz.net/techtips/sql-injection.html
*******************************************************************************
WARNING: the information provided is for educational purposes only and not to be used for malicious use. I hold no responsibility.
********************************************************************************

Linux File Structure

The Linux system contains thousands of files located within many directories. All directories are organized in a tree-like structure. Here is an image depicting the Linux file structure.

Wednesday, March 01, 2006

Multimedia Databases

As I am doing a literature survey on multimedia databases for my seminar under Prof N. L. Sarda, I have set up a blog: http://multimediadb.blogspot.com
As I explore this field I'll be posting on this blog.

Cool News/Map Mashup : Whats Up

Jeff Clavier points out this very cool visualization of news on a map.
I particularly like this one: What's Up, a news map display developed by Jeroen Wijering, a UI designer recently graduated from the Eindhoven Design Academy. It basically displays headlines from a bunch of news (geolocated) RSS feeds on a planisphere.


Check link here