Friday, February 11, 2011

JavaScript Marquee

One of my colleagues wanted a simple JavaScript marquee for a mobile site. It supports only plain text. Demo link below.

- yam

Monday, February 07, 2011

Stupid bugs from conflicting classes

A few days back, one of our systems started behaving weirdly. I can't explain everything that happened, but it was weird. Anyway, we put in logging statements, changed the input parameters etc. and tested it on one of our development machines. Nothing happened. To our surprise, even some logging statements were missing. We rechecked the build process and made sure Eclipse was REALLY REALLY building this thing. The console logs said it was REALLY REALLY building it. Hmm.. so, what might be wrong :-? After thinking for a while, I asked the developer if he had copied/reused any code. "Aaa.. Umm... yes.. I had copied one XXXX class...". lol! He had copied the entire class along with the package structure. What should I say, copy/paste helps and kills too. I know this level of copy/paste is not at all acceptable, but again, fresher, deadlines, pressure etc.

To avoid repeating this mistake, I wrote a small Java program which reads all the jar files in a directory and prints out any conflicting classes along with the jar file name. Link below.

- yam
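The check described in this post, sketched as an added example in Python; it is not the author's Java program, and the function names and sample jars are assumptions constructed for illustration. It goes one step beyond listing duplicates: it hashes each copy, because a duplicated class whose bytes differ between jars is the case where the class that actually loads may not be the one you just built.

```python
import hashlib
import sys
import tempfile
import zipfile
from collections import defaultdict
from pathlib import Path


def find_conflicting_classes(jar_dir):
    """Return {class name: {jar name: sha256 of class bytes}} for classes in 2+ jars."""
    seen = defaultdict(dict)
    for jar in sorted(Path(jar_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                for name in zf.namelist():
                    if (not name.endswith(".class") or name.startswith("META-INF/")
                            or name.endswith(("module-info.class", "package-info.class"))):
                        continue  # resources, versioned copies, descriptors
                    cls = name[: -len(".class")].replace("/", ".")
                    seen[cls][jar.name] = hashlib.sha256(zf.read(name)).hexdigest()
        except zipfile.BadZipFile:
            print(f"skipping unreadable jar: {jar}", file=sys.stderr)
    return {cls: jars for cls, jars in seen.items() if len(jars) > 1}


def format_report(conflicts):
    lines = []
    for cls, jars in sorted(conflicts.items()):
        kind = "identical copies" if len(set(jars.values())) == 1 else "DIFFERENT bytecode"
        lines.append(f"{cls}: {kind} in {', '.join(sorted(jars))}")
    return lines


def demo():
    """Scan three constructed jars (placeholder bytes, not real bytecode)."""
    with tempfile.TemporaryDirectory() as tmp:
        for jar, entries in {
            "app.jar": {"com/example/Util.class": b"v1", "com/example/Main.class": b"m"},
            "copied.jar": {"com/example/Util.class": b"v2"},
            "lib.jar": {"com/example/Main.class": b"m", "README.txt": b"x"},
        }.items():
            with zipfile.ZipFile(Path(tmp) / jar, "w") as zf:
                for name, data in entries.items():
                    zf.writestr(name, data)
        return format_report(find_conflicting_classes(tmp))


if __name__ == "__main__":
    report = format_report(find_conflicting_classes(sys.argv[1])) if sys.argv[1:] else demo()
    print("\n".join(report))
```

Run it with a directory of jars as the only argument; with no argument it scans the constructed sample jars.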

Wednesday, February 02, 2011

Human errors and Password Harvesting

This trick for collecting passwords came to mind after I repeatedly made the same mistake. Yes, call me an asshole, but it happens. It's human to make errors. It's this human behavior that any website or service can harness to collect passwords.

How you say?

Simple. Store all the invalid passwords that the user has entered along with the login name.

This works because most people today are internet savvy and have signed up for services like email, SMS, net banking, shopping etc. As we are humans and not machines, we find it difficult to remember multiple passwords. What do we do next? We settle on a common phrase plus one variable phrase based on the website or service, or something else altogether. The combination of the two is the complete password.
Whatever combination we settle on, when we have to enter the password for service A, we type a password, but many times it is the wrong password, or the password of some other website or service B.

So now you have a list of a particular person's invalid passwords, and you have his personal information, like an alternate email ID, a library card number (used as a secret question; it could be your customer ID for a bank, or whatever), etc. What you do is simply try the invalid passwords on the alternate email ID, against OpenID-enabled sites, etc. There might be more use cases, but these two are the ones that come to my mind most of the time.

I am not good at writing. I know the closing of the post is improper. It sounds incomplete; I can't help it. I said what I had on my mind.

Thank you for reading this :)

- yam