Monday, November 20, 2006
Tag
There goes my attempt on tagging:
1.I love: Almost everything in the world. But if you are asking about my TPs then it would go in this manner:
· Music
· Wondering around...
· Movies
· Books
· TV
· Eating
I love being what I am.
I love sitting alone sometimes listening to the silence.Silence also has a sound u know.
I love talking (With somebody who has the same frequency with me)
2. I hate if somebody tries to dominate me, gives order and says something as wrong while he/she himself doesn’t know the answer.
I hate Big Mouths. I hate when somebody unnecessarily praise me..I hate those ppl who stick to the past. I hate when somebody tries to
prove that India is the best country in the world, and everybody else is trying to copy us :-)
Lets stop here today...More is coming
Friday, November 17, 2006
Matrix
The problems of life should have been like the Technical problems we face day in day out. And you can solve it within second if you know the answer. Either you know it or you dont know it. There is no grey area. If you dont know it then search the Google, and voila you have your answer. But I dont know why human beings act illogically. You cant define anybody. You cannot predict anything. In the tech world everything is so easy. U design something to work for a fixed pattern and it will work like that only, if you have your design correctly made. People should be like Softwares, at least they should have been predictable.
The situation would have been like this:
1. You need a friend. U search for a person with X,Y,Z qualities. You get one somewhere and you have a friend for life. No problem. No quarrels.
2. You dont have a friend. And in the entire earth there is nobody with those qualities. But you like someone. What you do you write a software with all the if and buts for all the situations. And you go to that person and install the software and you have a friend for life. No problem. No quarrels.
3. You face a deep problem. so what you do you make a study of the problem Try to find the root cause and solve it by writing an algorithm, or by installing some patches..
4........
So the possibilities are numerous. What do you say? Should we go to a future like this.....
Wednesday, November 15, 2006
Samy
Have you heard about "Samy Worm" or "JS.Spacehero worm"?
Ok you might not. You must have heard about MySpace though. It is the father of Orkut where you can do lots of things. It is one of those networking sites.And apart from just networking you can also do lots of other stuff like chatting,file sharing etc etc. And you can design you own page as well. Thats cool ha!!!!
Now there was this guy called 'Samy' who wanted to have firends, and as happens with all the guys he too wanted girl friends. So he sent friend requests to many pretty ladies but all of them rejected him.
Now he devised a noble way of making friends,and his listen to his ways by his own mouth(http://namb.la/popular)=
I began to examine the site some more, seeing how they restrict things, what they restrict, taking some breaks to look at profiles of really hot girls, trying to add them as friends and getting rejected, and getting back to making my profile cool so that they would add me as a friend later. Chicks dig cool profiles. After a little bit of messing around, I found that I could put in a longer headline than what they allowed. Hell, I could even get around their other restrictions and get HTML in there in order to add cool "effects" to my page that other people can't add. Yeah, that will get me chicks. Girls want guys who have computer hacking skills.
Let's see here...what would make my profile rock. Well, the most popular profiles on myspace pretty much consist of people with the IQ and English delivery skills of Kanye West so I don't want to mimic those, but popularity begets popularity. I need some more friends. I need people to love me. I delved into the bug and found that I could basically control the web browsing of anyone who hit my profile. In fact, I was able to develop something that caused anyone who viewed my profile to add my name to their profile's list of heroes. It's villainous. I was ecstatic.
But it wasn't enough. I needed more. So I went deeper. A Chipotle burrito bol and a few clicks later, anyone who viewed my profile who wasn't already on my friends list would inadvertently add me as a friend. Without their permission. I had conquered myspace. Veni, vidi, vici.
But it wasn't enough.
If I can become their friend...if I can become their hero...then why can't their friends become my friend...my hero. I can propagate the program to their profile, can't I. If someone views my profile and gets this program added to their profile, that means anyone who views THEIR profile also adds me as a friend and hero, and then anyone who hits THOSE people's profiles add me as a friend and hero... So if 5 people viewed my profile, that's 5 new friends. If 5 people viewed each of their profiles, that's 25 more new friends. And after that, well, that's when things get difficult. The math, I mean.
And within 20 hours he had 1,000,000+ users
So what he did actually=
Please note that this code and explanation was only released AFTER MySpace resolved this.
None of this would work on MySpace at the time it was released and it will not work now. Otherwise, there would have been mayhem.
Now, let's talk more about the problems encountered, workarounds, and how it worked in general.
1) Myspace blocks a lot of tags. In fact, they only seem to allow ‘a’, ‘img’s, and ‘div’s...maybe a few others (‘embed’'s, I think). They wouldn't allow ‘script’s, ‘body’s, onClicks, onAnythings, href's with javascript, etc...However, some browsers (IE, some versions of Safari, others) allow javascript within CSS tags. We needed javascript to get any of this to even work.
Example: ‘div style="background:url('javascript:alert(1)')"‘
2) We couldn't use quotes within the div because we had already used up single quotes and double quotes already. This made coding JS very difficult. In order to get around it, we used an expression to store the JS and then executed it by name.
Example: ‘div id="mycode" expr="alert('hah!')" style="background:url('javascript:eval(document.all.mycode.expr)')"‘
3) Sweet! Now we can do javascript with single quotes. However, myspace strips out the word "javascript" from ANYWHERE. To get around this, some browsers will actually interpret "java\nscript" as "javascript" (that's java’NEWLINE’script).
Example: ‘div id="mycode" expr="alert('hah!')" style="background:url('java
script:eval(document.all.mycode.expr)')"‘
4) Okay, while we do have single quotes working, we sometimes NEED double quotes. We'll just escape quotes, e.g., "foo\"bar". Myspace got me...they STRIP OUT all escaped quotes, whether single or double. However, we can just convert decimal to ASCII in javascript to actually produce the quotes.
Example: ‘div id="mycode" expr="alert('double quote: ' + String.fromCharCode(34))" style="background:url('java
script:eval(document.all.mycode.expr)')"‘
5) In order to post the code to the user's profile who is viewing it, we need to actually get the source of the page. Ah, we can use document.body.innerHTML in order to get the page source which includes, in only one spot, the ID of the user viewing the page. Myspace gets me again and strips out the word "innerHTML" anywhere. To avoid this, we use an eval() to evaluate two strings and put them together to form "innerHTML".
Example: alert(eval('document.body.inne' + 'rHTML'));
6) Time to actually access other pages. We would use iframes, but usually (even when hidden), iframes aren't as useful and are more obvious to the user that "something else" is going on. So, we use XML-HTTP in order for the actual client to make HTTP GETs and POSTs to pages. However, myspace strips out the word "onreadystatechange" which is necessary for XML-HTTP requests. Again, we can use an eval to evade this. Another plus to XML-HTTP is that the necessary cookies required to perform actions on myspace are passed along without any hassle.
Example: eval('xmlhttp.onread' + 'ystatechange = callback');
7) Time to perform a GET on the user's profile so that we can get their current list of heroes. We don't want to remove any heroes, we just want to append myself to their pre-existing list of heroes. If we GET their profile, we can grab their heroes and store it for later. With all the above figured out, this is simple with an XML-HTTP request except that we have to get the friend ID of the actual user viewing a profile. Like we said above, we can do this by grabbing the source of the page we're on. However, now we need to perform a search in the page for a specific word to find it. So we perform this search, however if we do this, we may end up finding our actual code since it contains the same exact word we're looking for...because saying "if this page contains 'foo', do this", that will always return true because it can always find foo within the actual code that does the searching. Another eval() with a combination of strings avoids this problem.
Example: var index = html.indexOf('frien' + 'dID');
8) At this point, we have the list of heroes. First, let's add me as a friend by performing an XML-HTTP POST on the addFriends page. Oh no, this doesn't work! Why not? We're on profile.myspace.com, however the POSTing needs to be done on www.myspace.com. No big deal, however XML-HTTP won't allow GETs/POSTs to sites with a different domain name. To get around this, let's actually go to the same URL but on www.myspace.com. You can still view profiles from www.myspace.com, so reloading the page on the domain we want to be on allows us to do the POST.
Example: if (location.hostname == 'profile.myspace.com') document.location = 'http://www.myspace.com' + location.pathname + location.search;
9) Finally we can do a POST! However, when we send the post it never actually adds a friend. Why not? Myspace generates a random hash on a pre-POST page (for example, the "Are you sure you want to add this user as a friend" page). If this hash is not passed along with the POST, the POST is not successful. To get around this, we mimic a browser and send a GET to the page right before adding the user, parse the source for the hash, then perform the POST while passing the hash.
10) Once the POST is complete, we also want to add a hero and the actual code. The code will end up going into the same place where the hero goes so we'll only need one POST for this. However, we need to pre-GET a page in order to get a new hash. But first we have to actually reproduce the code that we want to POST. The easiest way to do this is to actually grab the source of the profile we're on, parse out the code, and then POST. This works except now all sorts of things are garbled! Ah, we need to URL-encode/escape the actual code in order to POST it properly. Weird, still doesn't work. Apparently javascript's URL-encoding and escape() function doesn't escape everything necessary so we'll need to manually do some replacing here in order to get the necessary data escaped. We add a little "but most of all, samy is my hero." to the mix, append all the code right after, and voila. We have self-reproducing code, a worm if you will.
11) Other limits, such as a maximum length, imposed other problems and required tight code, no spaces, obfuscated names, reusable functions, etc..
There were a few other complications and things to get around. This was not by any means a straight forward process, and none of this was meant to cause any damage or piss anyone off. This was in the interest of..interest. It was interesting and fun!
You can get the details of the code and other technical stuff in the link:
http://namb.la/popular
Ok you might not. You must have heard about MySpace though. It is the father of Orkut where you can do lots of things. It is one of those networking sites.And apart from just networking you can also do lots of other stuff like chatting,file sharing etc etc. And you can design you own page as well. Thats cool ha!!!!
Now there was this guy called 'Samy' who wanted to have firends, and as happens with all the guys he too wanted girl friends. So he sent friend requests to many pretty ladies but all of them rejected him.
Now he devised a noble way of making friends,and his listen to his ways by his own mouth(http://namb.la/popular)=
I began to examine the site some more, seeing how they restrict things, what they restrict, taking some breaks to look at profiles of really hot girls, trying to add them as friends and getting rejected, and getting back to making my profile cool so that they would add me as a friend later. Chicks dig cool profiles. After a little bit of messing around, I found that I could put in a longer headline than what they allowed. Hell, I could even get around their other restrictions and get HTML in there in order to add cool "effects" to my page that other people can't add. Yeah, that will get me chicks. Girls want guys who have computer hacking skills.
Let's see here...what would make my profile rock. Well, the most popular profiles on myspace pretty much consist of people with the IQ and English delivery skills of Kanye West so I don't want to mimic those, but popularity begets popularity. I need some more friends. I need people to love me. I delved into the bug and found that I could basically control the web browsing of anyone who hit my profile. In fact, I was able to develop something that caused anyone who viewed my profile to add my name to their profile's list of heroes. It's villainous. I was ecstatic.
But it wasn't enough. I needed more. So I went deeper. A Chipotle burrito bol and a few clicks later, anyone who viewed my profile who wasn't already on my friends list would inadvertently add me as a friend. Without their permission. I had conquered myspace. Veni, vidi, vici.
But it wasn't enough.
If I can become their friend...if I can become their hero...then why can't their friends become my friend...my hero. I can propagate the program to their profile, can't I. If someone views my profile and gets this program added to their profile, that means anyone who views THEIR profile also adds me as a friend and hero, and then anyone who hits THOSE people's profiles add me as a friend and hero... So if 5 people viewed my profile, that's 5 new friends. If 5 people viewed each of their profiles, that's 25 more new friends. And after that, well, that's when things get difficult. The math, I mean.
And within 20 hours he had 1,000,000+ users
So what he did actually=
Please note that this code and explanation was only released AFTER MySpace resolved this.
None of this would work on MySpace at the time it was released and it will not work now. Otherwise, there would have been mayhem.
Now, let's talk more about the problems encountered, workarounds, and how it worked in general.
1) Myspace blocks a lot of tags. In fact, they only seem to allow ‘a’, ‘img’s, and ‘div’s...maybe a few others (‘embed’'s, I think). They wouldn't allow ‘script’s, ‘body’s, onClicks, onAnythings, href's with javascript, etc...However, some browsers (IE, some versions of Safari, others) allow javascript within CSS tags. We needed javascript to get any of this to even work.
Example: ‘div style="background:url('javascript:alert(1)')"‘
2) We couldn't use quotes within the div because we had already used up single quotes and double quotes already. This made coding JS very difficult. In order to get around it, we used an expression to store the JS and then executed it by name.
Example: ‘div id="mycode" expr="alert('hah!')" style="background:url('javascript:eval(document.all.mycode.expr)')"‘
3) Sweet! Now we can do javascript with single quotes. However, myspace strips out the word "javascript" from ANYWHERE. To get around this, some browsers will actually interpret "java\nscript" as "javascript" (that's java’NEWLINE’script).
Example: ‘div id="mycode" expr="alert('hah!')" style="background:url('java
script:eval(document.all.mycode.expr)')"‘
4) Okay, while we do have single quotes working, we sometimes NEED double quotes. We'll just escape quotes, e.g., "foo\"bar". Myspace got me...they STRIP OUT all escaped quotes, whether single or double. However, we can just convert decimal to ASCII in javascript to actually produce the quotes.
Example: ‘div id="mycode" expr="alert('double quote: ' + String.fromCharCode(34))" style="background:url('java
script:eval(document.all.mycode.expr)')"‘
5) In order to post the code to the user's profile who is viewing it, we need to actually get the source of the page. Ah, we can use document.body.innerHTML in order to get the page source which includes, in only one spot, the ID of the user viewing the page. Myspace gets me again and strips out the word "innerHTML" anywhere. To avoid this, we use an eval() to evaluate two strings and put them together to form "innerHTML".
Example: alert(eval('document.body.inne' + 'rHTML'));
6) Time to actually access other pages. We would use iframes, but usually (even when hidden), iframes aren't as useful and are more obvious to the user that "something else" is going on. So, we use XML-HTTP in order for the actual client to make HTTP GETs and POSTs to pages. However, myspace strips out the word "onreadystatechange" which is necessary for XML-HTTP requests. Again, we can use an eval to evade this. Another plus to XML-HTTP is that the necessary cookies required to perform actions on myspace are passed along without any hassle.
Example: eval('xmlhttp.onread' + 'ystatechange = callback');
7) Time to perform a GET on the user's profile so that we can get their current list of heroes. We don't want to remove any heroes, we just want to append myself to their pre-existing list of heroes. If we GET their profile, we can grab their heroes and store it for later. With all the above figured out, this is simple with an XML-HTTP request except that we have to get the friend ID of the actual user viewing a profile. Like we said above, we can do this by grabbing the source of the page we're on. However, now we need to perform a search in the page for a specific word to find it. So we perform this search, however if we do this, we may end up finding our actual code since it contains the same exact word we're looking for...because saying "if this page contains 'foo', do this", that will always return true because it can always find foo within the actual code that does the searching. Another eval() with a combination of strings avoids this problem.
Example: var index = html.indexOf('frien' + 'dID');
8) At this point, we have the list of heroes. First, let's add me as a friend by performing an XML-HTTP POST on the addFriends page. Oh no, this doesn't work! Why not? We're on profile.myspace.com, however the POSTing needs to be done on www.myspace.com. No big deal, however XML-HTTP won't allow GETs/POSTs to sites with a different domain name. To get around this, let's actually go to the same URL but on www.myspace.com. You can still view profiles from www.myspace.com, so reloading the page on the domain we want to be on allows us to do the POST.
Example: if (location.hostname == 'profile.myspace.com') document.location = 'http://www.myspace.com' + location.pathname + location.search;
9) Finally we can do a POST! However, when we send the post it never actually adds a friend. Why not? Myspace generates a random hash on a pre-POST page (for example, the "Are you sure you want to add this user as a friend" page). If this hash is not passed along with the POST, the POST is not successful. To get around this, we mimic a browser and send a GET to the page right before adding the user, parse the source for the hash, then perform the POST while passing the hash.
10) Once the POST is complete, we also want to add a hero and the actual code. The code will end up going into the same place where the hero goes so we'll only need one POST for this. However, we need to pre-GET a page in order to get a new hash. But first we have to actually reproduce the code that we want to POST. The easiest way to do this is to actually grab the source of the profile we're on, parse out the code, and then POST. This works except now all sorts of things are garbled! Ah, we need to URL-encode/escape the actual code in order to POST it properly. Weird, still doesn't work. Apparently javascript's URL-encoding and escape() function doesn't escape everything necessary so we'll need to manually do some replacing here in order to get the necessary data escaped. We add a little "but most of all, samy is my hero." to the mix, append all the code right after, and voila. We have self-reproducing code, a worm if you will.
11) Other limits, such as a maximum length, imposed other problems and required tight code, no spaces, obfuscated names, reusable functions, etc..
There were a few other complications and things to get around. This was not by any means a straight forward process, and none of this was meant to cause any damage or piss anyone off. This was in the interest of..interest. It was interesting and fun!
You can get the details of the code and other technical stuff in the link:
http://namb.la/popular
Action
In Life sometimes some of the things happen just without a reason. And you try to explain them you just cannot. I dont try to justify many of the things I have done or doing. I dont want to. It would be lies if I say I dont care about anything or anybody. I am susceptible. I am vulnerable. But I try to be honest. And I want to take my chance. May be some of the things in life are just inexplainable.May be thats the case. I try to find a reason behind everything. If somebody just says something that is not acceptable to me. You have to justify that by action. ACTION is the only word which has true meaning. Nothing else..Abosultely nothing else.
Saturday, November 04, 2006
Fw: India 2030 .... good one.
Just one of those forwards..But I liked it
Year : 2030
Place : IBM, USA (Two Americans Talking)
Currency Conversion Rate : INR 1 Rs = USD $ 100
Alex: Hi John, you didn't come yesterday to office?
John: Yeah, I was in Indian Embassy for stamping.
Alex: Oh really, what happened, I heard that nowadays it has become very strict.
John: Yeah, but I managed to get it.
Alex: How long it took to get it stamped?
John: Oh, it was nasty man, long queue. Bill Gates was standing in front of me and they played with him like anything. That's why it got delayed. I went there at 2 amitself and waited and returned by 4pm.
Alex: Really? In India, it is a matter of an hour to get stamped for USA
John: Yeah, but that is because who in Indiawill be interested in coming to USAman, their economy has been booming.
Alex: So, when are you leaving?
John: Anytime, after receiving my tickets from the client in Indiaand you know, I will be getting a chance to fly Air-India. Sort of dream come true.
Alex: How long are you going to stay in India.
John: What do you mean by how long? I will be settled in India, my company has promised me that they will process my Hara Patta ..(green card)
Alex: Really, lucky person man, it is very difficult to get a Hara Patta in India.
John: Yeah, that's why, I am planning to marry an Indian girl there.
Alex: But you can find lots of US girls in Hyderabad, Bangaloreand Mumbai.
John: But, I prefer Indian girls because they are beautiful and cultured.
Alex: Where did you get the offer, Bangalore ?
John: Yeah, salary is good there, but cost of living is quite high, it is Rs. 1000/- for a single room accommodation.
Alex: I see, that's too much for US people, Rs.1/- =$100/-. Oh God! what about in Hyderabad , Mumbai?
John: No idea, but it is less than what we have in Bangalore . It is like the world headquarters of software
Alex: I heard, almost all the Indians are having one personal Robot for help.
John: You can get a BMW car for Rs. 5000/-, and a personal Robot for less than Rs.7500/-. But my dream is to purchase Ambassador, which costs Rs.2,00,000/- but has got a lovely design.
Alex: By the way, who is your client?
John: Subbarao and Apparao Associates, a pure Indian company, specialising in Embedded Software.
Alex: Oh, really, lucky to work in a pure Indian company. They are really intelligent and unlike American Bodyshoppers who have opened their Fly-by-night outfits in India. Indian companies pay you in full even when you are on bench.
My friend Paul Allen, it seems, used his bench time to visit Bihar, the most liveable place in India, probably world. There you have full freedom and no restrictions. You can do whatever you want! I wonder how that state has perfected that system.
John: Yeah man!, you are right. I hope our Americaalso follows their footsteps.
Alex: How are you going to cope with their language?
John: Why not? From my school days I have been learning Hindi as my first language here at New York. At the Consulate they tested my proficiency in Hindi and were quite impressed by my cent per cent score in TOHIL i.e. Test of Hindi as International Language.
Alex: So, you are going to have fun there.
John: Yeah, I will be travelling in the world's fastest train, world's largest theme park, and the famous Bollywood where you can see actors like, Hrithik, Shah Rukh Khan and all. Esselworld is also near Bollywood.
Alex: You know, the PM is scheduled to visit US next year, he may then relax the number of visas.
John: That's true. Last month, Narayana Murthy visited White House and donated Rs. 2000/- for infrastructure development at aSiliconValleyand has promised more if we follow the model of High-Tech City of Bangalore . Bill Gates also got a chance of meeting him. Very lucky person.
Alex: But, Indian government is planning to split Narayanamurthy's Infosys.
John: He is a hard worker man, he can build any number of Infosys like this. Every minute he is getting Rs. 1000/-. It seems, if you keep all his money converted as Rs. 100/- notes you can reach Pluto.
Alex: OK, Good Luck John.
John: Same to you Alex. And don't go to Consulate in a "Kurta Pyjama" because they will think you are too Indianised and may doubt you will never come back and hence your Non-Immigrant Visa may get rejected. But don't forget to say " Namaste, aap kaise hai " to the Visa officer at Window 5. It seems he likes that and will not give you a visa if you don't greet him that way.
First e-mail blog
I am just trying to publish my first e-mail blog. It is really bad that mobile blog are still not being supported from India. Lets see how it goes, it is really cool to be able to do it.....
Subscribe to:
Posts (Atom)